Intrusion Prevention

SIP.BYE.Message.Also.Transfer.Method.DoS

Description

This indicates an attack attempt against a denial-of-service vulnerability in the SIP channel driver in Asterisk.
The vulnerability is caused by an error in how the vulnerable software handles a specially crafted BYE message with an Also (Also transfer) header. A remote attacker can use it to trigger a NULL pointer dereference and cause a denial of service.
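
A defender-side check for the message shape described above, as an added example (not the signature's own logic and not Asterisk code). It flags every BYE request that carries an Also header, which is broader than the crafted case because this page does not say what makes the message crafted; the function names and sample messages are assumptions constructed for illustration.

```python
import re

def parse_sip_request(raw: bytes):
    """Return (method, headers) for a SIP request; (None, {}) for anything else."""
    # Only the part before the first blank line is headers; the body is ignored.
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("latin-1")
    # Unfold continuation lines (leading space/tab) so they stay part of the
    # previous header's value instead of being read as a new header.
    head = re.sub(r"\r?\n[ \t]+", " ", head)
    lines = re.split(r"\r?\n", head)
    m = re.match(r"([A-Z]+) \S+ SIP/2\.0$", lines[0])
    if not m:
        return None, {}  # a response, or not SIP at all
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive; whitespace may precede ':'
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return m.group(1), headers

def is_bye_with_also(raw: bytes) -> bool:
    """True when the message is a BYE request that carries an Also header."""
    method, headers = parse_sip_request(raw)
    return method == "BYE" and "also" in headers

# Constructed sample messages (documentation addresses, not captured traffic).
def _msg(method, extra=b"", body=b""):
    return (method + b" sip:200@192.0.2.10 SIP/2.0\r\n"
            b"Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKexample\r\n"
            b"From: <sip:100@example.com>;tag=a1\r\n"
            b"To: <sip:200@example.com>;tag=b2\r\n"
            b"Call-ID: constructed-1@example.com\r\n"
            b"CSeq: 2 " + method + b"\r\n" + extra + b"\r\n" + body)

SAMPLES = {
    "bye_also": _msg(b"BYE", b"aLsO : <sip:300@example.com>\r\n"),
    "bye_plain": _msg(b"BYE"),
    "bye_folded": _msg(b"BYE", b"Subject: transfer\r\n Also: not-a-header\r\n"),
    "bye_also_in_body": _msg(b"BYE", body=b"Also: <sip:300@example.com>\r\n"),
    "invite_also": _msg(b"INVITE", b"Also: <sip:300@example.com>\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, is_bye_with_also(raw))
```

Matching on the parsed header name rather than a substring search keeps the check from firing on "Also:" text inside a folded header value or the message body.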

Affected Products

Asterisk Open Source versions prior to 1.4.17
Asterisk Business Edition versions prior to C.1.0-beta8
AsteriskNOW versions prior to beta7
Asterisk Appliance Developer Kit
Asterisk Appliance s800i versions prior to 1.0.3.4

Impact

Denial of service

Recommended Actions

Upgrade to the latest versions:
http://www.digium.com/

CVE References

CVE-2008-0095