DoS Vulnerability in Asterisk

Jan 04, 2008

Jan Rähm

The makers of Asterisk, the Open Source phone system, have removed a bug that allowed denial of service attacks under certain circumstances.

The vulnerability affected the SIP channel driver, more specifically the "BYE with Also" transfer method. A faulty null-pointer dereference could be exploited to crash the application using a carefully crafted BYE message. The attack needed an existing connection.

All 1.4.x versions of Asterisk Open Source, all C.x.x versions of the Business Edition, the pre-release versions of AsteriskNOW, the Asterisk Appliance Developer Kit prior to version 1.4 revision 95946 and the Asterisk Appliance s800i up to version 1.0.3.4 are all affected by the bug.

Updates are available from the website for the Open Source applications. Updates for commercial versions will be provided via standard support channels.

News

Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

Two trojans in the wild are targeting Linux machines.
Fedora 26 Beta Comes with New Features

The workstation comes with the latest Gnome desktop environment and support for many application build systems.
Raspberry Pi Foundation Merges with CoderDojo Foundation

The two foundations join forces to expand their efforts to reach young people.
Samba Security Hole Patched but Risk is Bigger

Millions of devices that use Samba Server are vulnerable to attacks.
Red Hat Announces OpenShift.io

Red Hat takes its IDE online.
Microsoft Bakes Linux into Windows Server

Microsoft is slowly becoming a Linux vendor.
Fearless Coyote, Linux Kernel 4.11 is Out

The new kernel makes swap implementation more scalable, which will help cloud providers.
Docker Appoints Steve Singh CEO

The new CEO comes from a very strong SaaS background.
Docker Announces Linux Kit and Moby Project

Both projects help organizations build their own containerized systems.
Ubuntu Returns to Gnome as Its Mobile Plans Shatter

Mark Shuttleworth has resumed the position of CEO of Canonical.