Another DoS Vulnerability in Asterisk

blog.sdamm.de

Monday, March 19. 2007

Another DoS Vulnerability in Asterisk

Only about two weeks after the last huge DoS vulnerability in Asterisk, I just stumbled across this bug on the Gentoo bugtracker:

Impact:

  • A remote individual can remotely crash and perform a Denial of Service(DoS) attack in all the services provided by the software by sending one crafted SIP INVITE message. This is conceptually similar to the "ping of death".

Affected Versions:

  • Asterisk 1.2.14, 1.2.15, 1.2.16
  • Asterisk 1.4.1
  • probably previous versions also

Right now I can't find anything on Securityfocus yet, but I'm pretty sure it will be there tomorrow morning. An immediate update is highly recommended.

Update[20/02/07]: Today I had some time to play around with the patch suggested in the patch. The patch mentioned in comment#1 did not work. So I dug into it a little deeper and found the correct patch. I posted working patches on the Gentoo bug. The svn version of asterisk is already patched, new releases 1.2.17 and 1.4.2 are already available for download, but there is no announcement at the moment.

Posted by Sebastian Damm at 22:05 | Comments (0) | Trackbacks (0)
Defined tags for this entry: , , , , ,
Related entries by tags:
Gibt es noch intelligentes Leben bei ProSieben?
Sparen mit der Bahn
Von der Musikindustrie verführt
HowTo resize a RAID1 partition
Alltag bei einem Netzbetreiber

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
You can use [geshi lang=lang_name [,ln={y|n}]][/lang] tags to embed source code snippets
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
 
 
neu
new neu

Quicksearch

Tags

Weiterlesen

Archives

May 2013
April 2013
March 2013
Recent...
Older...

Blog abonnieren

Blog Administration

Open login screen

Sonstiges
Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/include/plugin_api.inc.php on line 560 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 464 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 489 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 533 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_spamblock/serendipity_event_spamblock.php on line 870 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php on line 388 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php on line 432 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/bundled-libs/HTTP/Request.php on line 240 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/bundled-libs/HTTP/Request.php on line 337 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/bundled-libs/HTTP/Request.php on line 630 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/bundled-libs/HTTP/Request.php on line 653 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_event_backendrss/serendipity_event_backendrss.php on line 160 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php on line 51 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php on line 410 Deprecated: Assigning the return value of new by reference is deprecated in /var/www/blog.sdamm.de/htdocs/plugins/serendipity_plugin_remoterss/serendipity_plugin_remoterss.php on line 476