SIP.BYE.Message.Also.Transfer.Method.DoS
Description
This indicates an attack attempt against a denial-of-service vulnerability in the SIP channel driver in Asterisk.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted BYE message with an Also (Also transfer) header. It allows a remote attacker to trigger a NULL pointer dereference and cause a denial of service.
Affected Products
Asterisk Open Source versions prior to 1.4.17
Asterisk Business Edition versions prior to C.1.0-beta8
AsteriskNOW versions prior to beta7
Asterisk Appliance Developer Kit
Asterisk Appliance s800i versions prior to 1.0.3.4
Impact
Denial of service
Recommended Actions
Upgrade to the latest versions:
http://www.digium.com/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |