DoS Vulnerability in Asterisk

Jan 04, 2008

Jan Rähm

The makers of Asterisk, the Open Source phone system, have removed a bug that allowed denial of service attacks under certain circumstances.

The vulnerability affected the SIP channel driver, more specifically the "BYE with Also" transfer method. A faulty null-pointer dereference could be exploited to crash the application using a carefully crafted BYE message. The attack needed an existing connection.

All 1.4.x versions of Asterisk Open Source, all C.x.x versions of the Business Edition, the pre-release versions of AsteriskNOW, the Asterisk Appliance Developer Kit prior to version 1.4 revision 95946 and the Asterisk Appliance s800i up to version 1.0.3.4 are all affected by the bug.

Updates are available from the website for the Open Source applications. Updates for commercial versions will be provided via standard support channels.

Related content

AsteriskNOW 1.5 Based on CentOS

AsteriskNOW, a Linux distro for telephony setups that includes GPL-licensed Asterisk, is now available in version 1.5.

more »
Skype Plugin for Asterisk

Digium, makers of Asterisk telephony solutions, and VoIP provider Skype have announced a one-year development period for a Skype plugin to the free telephony service.

more »
Vulnerabilities in OpenSSL

Three security issues have been identified in the Open Source implementation of the SSL/TLS protocol, OpenSSL. The vulnerabilities allow targeted attacks.

more »
Askerisk

If you want advanced features without the expense, try a VoIP phone system. We’ll show you how to configure your own Asterisk telephone exchange server.

more »
Vulnerability in GNU "tar"

Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.

more »

comments powered by Disqus

Issue 30: Getting Started with Linux/Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

Linux Comes to Windows

Run multiple Linux distributions in Windows 10.
Docker Embraces Kubernetes

Docker , Kubernetes , orchestration

Docker is now offering Kubernetes as an orchestration platform.
Kubernetes 1.8 Announced

The new release comes with two new features for better security.
Final Ubuntu Desktop 17.10 Beta Arrives

Community , Desktop

Ubuntu completes the cycle of life and goes back to letter A and Gnome.
Linus Torvalds Invites Attackers to Join the Kernel Community

He wants attackers to join the community instead of attacking the code.
Oracle Donating Java EE to the Eclipse Foundation

Oracle is recommending a new name for the Java Enterprise Edition platform.
Reddit Closing Doors to Open Source

The peanut gallery of the Internet is closing its open source repository.
Largest Open Source Summit to Date Around the Corner

LinuxCon is now Open Source Summit.
Gnome is Celebrating it’s 20th Birthday

Gnome

More than 33 releases since the first release of Gnome.
SQL Server Comes to RHEL; OpenShift Comes to Azure

Microsoft and Red Hat expand their partnership.