DoS Vulnerability in Asterisk

Jan 04, 2008

The makers of Asterisk, the Open Source phone system, have removed a bug that allowed denial of service attacks under certain circumstances.

The vulnerability affected the SIP channel driver, more specifically the "BYE with Also" transfer method. A faulty null-pointer dereference could be exploited to crash the application using a carefully crafted BYE message. The attack needed an existing connection.

All 1.4.x versions of Asterisk Open Source, all C.x.x versions of the Business Edition, the pre-release versions of AsteriskNOW, the Asterisk Appliance Developer Kit prior to version 1.4 revision 95946 and the Asterisk Appliance s800i up to version 1.0.3.4 are all affected by the bug.

Updates are available from the website for the Open Source applications. Updates for commercial versions will be provided via standard support channels.

Related content

  • AsteriskNOW 1.5 Based on CentOS

    AsteriskNOW, a Linux distro for telephony setups that includes GPL-licensed Asterisk, is now available in version 1.5.

    more »
  • Skype Plugin for Asterisk

    Digium, makers of Asterisk telephony solutions, and VoIP provider Skype have announced a one-year development period for a Skype plugin to the free telephony service.

    more »
  • Vulnerabilities in OpenSSL

    Three security issues have been identified in the Open Source implementation of the SSL/TLS protocol, OpenSSL. The vulnerabilities allow targeted attacks.

    more »
  • Askerisk

    If you want advanced features without the expense, try a VoIP phone system. We’ll show you how to configure your own Asterisk telephone exchange server.

    more »
  • Samba Shuts Down Vulnerability in AD Interface

    The latest version of Samba, 3.0.26, removes a moderately critical vulnerability that only occurs in combination with Microsoft's Active Directory Service.

    more »
comments powered by Disqus

Issue 163/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

Tag Cloud

Administration Community Desktop Events Hardware Kernel Linux Mobile Programming Red Hat Software Ubuntu Web Development Windows free software

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia