DoS Vulnerability in Asterisk

Jan 04, 2008

The makers of Asterisk, the Open Source phone system, have removed a bug that allowed denial of service attacks under certain circumstances.

The vulnerability affected the SIP channel driver, more specifically the "BYE with Also" transfer method. A faulty null-pointer dereference could be exploited to crash the application using a carefully crafted BYE message. The attack needed an existing connection.

All 1.4.x versions of Asterisk Open Source, all C.x.x versions of the Business Edition, the pre-release versions of AsteriskNOW, the Asterisk Appliance Developer Kit prior to version 1.4 revision 95946 and the Asterisk Appliance s800i up to version 1.0.3.4 are all affected by the bug.

Updates are available from the website for the Open Source applications. Updates for commercial versions will be provided via standard support channels.

Related content

  • AsteriskNOW 1.5 Based on CentOS

    AsteriskNOW, a Linux distro for telephony setups that includes GPL-licensed Asterisk, is now available in version 1.5.

    more »
  • Skype Plugin for Asterisk

    Digium, makers of Asterisk telephony solutions, and VoIP provider Skype have announced a one-year development period for a Skype plugin to the free telephony service.

    more »
  • Vulnerabilities in OpenSSL

    Three security issues have been identified in the Open Source implementation of the SSL/TLS protocol, OpenSSL. The vulnerabilities allow targeted attacks.

    more »
  • Askerisk

    If you want advanced features without the expense, try a VoIP phone system. We’ll show you how to configure your own Asterisk telephone exchange server.

    more »
  • Vulnerability in GNU "tar"

    Linux distributor Red Hat has discovered a vulnerability in the GNU "tar" program that could allow attackers to overwrite files.

    more »
comments powered by Disqus

Issue 210/2018

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

DevOps

News

Tag Cloud

Administration Community Events Hardware Linux Linux New Media Linux Pro Magazine Mobile Programming Software Ubuntu Web Development Windows free software open source
njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia