Threat Encyclopedia

Digium.Asterisk.SIP.Invalid.SDP.Media.Descriptions.DoS

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in Asterisk Open Source, Certified Asterisk and Asterisk with Digiumphones.
The vulnerability is due to an error in the SIP channel driver when the vulnerable software handles an invalid SDP sent in a SIP request. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

Digium Asterisk Digiumphones Prior to 10.12.3-digiumphones
Digium Asterisk Open Source Prior to 1.8.23.1
Digium Asterisk Open Source Prior to 10.12.3
Digium Asterisk Open Source Prior to 11.5.1
Digium Certified Asterisk Prior to 1.8.15-cert3
Digium Certified Asterisk Prior to 11.2-cert2

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://downloads.asterisk.org/pub/security/AST-2013-005.html

CVE References

CVE-2013-5642
