DoS Vulnerability in Asterisk

Jan 04, 2008

The makers of Asterisk, the Open Source phone system, have removed a bug that allowed denial of service attacks under certain circumstances.

The vulnerability affected the SIP channel driver, more specifically the "BYE with Also" transfer method. A faulty null-pointer dereference could be exploited to crash the application using a carefully crafted BYE message. The attack needed an existing connection.

All 1.4.x versions of Asterisk Open Source, all C.x.x versions of the Business Edition, the pre-release versions of AsteriskNOW, the Asterisk Appliance Developer Kit prior to version 1.4 revision 95946 and the Asterisk Appliance s800i up to version 1.0.3.4 are all affected by the bug.

Updates are available from the website for the Open Source applications. Updates for commercial versions will be provided via standard support channels.

Related content

  • AsteriskNOW 1.5 Based on CentOS

    AsteriskNOW, a Linux distro for telephony setups that includes GPL-licensed Asterisk, is now available in version 1.5.

    more »
  • Skype Plugin for Asterisk

    Digium, makers of Asterisk telephony solutions, and VoIP provider Skype have announced a one-year development period for a Skype plugin to the free telephony service.

    more »
  • Askerisk

    If you want advanced features without the expense, try a VoIP phone system. We’ll show you how to configure your own Asterisk telephone exchange server.

    more »
  • Asterisk

    An old computer is all you need to build your own do-it-yourself personal phone server.

    more »
  • Free Software Projects

    Free software covers such a diverse range of utilities, applications, and projects, that it can be hard to find the perfect tool. We pick the best of the bunch. This month we examine Bluefish, Bidwatcher, KWappen, Capi4BSD, and current events at the Debian project.

    more »
comments powered by Disqus

Issue 161/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

Tag Cloud

Administration Community Desktop Events Hardware Kernel Linux Mobile Programming Red Hat Software Ubuntu Web Development Windows free software

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia