Asterisk telephony software may crash
The developers of the open-source Asterisk telephony software have released versions 1.2.16 and 1.4.1, which close a hole that attackers could exploit to crash the service.
All they need to do is send a specially prepared REGISTER packet to SIP port 5060. The service then needs to be restarted; if it runs on an embedded system, the device itself may need to be rebooted. A program that demonstrates the problem has already been published. The developers recommend installing the new version as quickly as possible. In addition, Shared Line Appearance (SLA) has been completely revised in version 1.4.1.
- Asterisk 1.4.1 Released, report by the Asterisk developers
- Asterisk 1.2.16 Released, report by the Asterisk developers
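
An added example, not from the article or the Asterisk project: a shell function that classifies a version string, such as the output of `asterisk -V`, against the fixed releases 1.2.16 and 1.4.1 named above. The status names, and the choice to report other branches and pre-release suffixes as unknown, are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare an Asterisk version against the fixed releases
# named in the article (1.2.16 on the 1.2 branch, 1.4.1 on the 1.4 branch).
# Status names are this example's own, not Asterisk terminology.

# asterisk_fix_status VERSION -> prints: fixed | predates-fix | unknown
asterisk_fix_status() {
    v=${1#Asterisk }                 # accept "Asterisk 1.4.0" or a bare "1.4.0"
    case $v in
        1.2.*) branch=1.2 fixed_patch=16 ;;
        1.4.*) branch=1.4 fixed_patch=1 ;;
        *)     echo unknown; return 0 ;;   # branch not covered by the article
    esac
    rest=${v#"$branch".}             # e.g. "15", "0-beta2", "16.1"
    patch=${rest%%[!0-9]*}           # leading digits of the patch level
    suffix=${rest#"$patch"}          # whatever follows the patch number
    if [ -z "$patch" ]; then
        echo unknown                 # no numeric patch level to compare
    elif [ "$patch" -gt "$fixed_patch" ]; then
        echo fixed
    elif [ "$patch" -lt "$fixed_patch" ]; then
        echo predates-fix
    else
        # Same patch number as the fixed release: only a plain release or a
        # dotted sub-release counts; "-rc1", vendor tags etc. stay unknown.
        case $suffix in
            ''|.[0-9]*) echo fixed ;;
            *)          echo unknown ;;
        esac
    fi
}

# Check the locally installed binary, if there is one.
if command -v asterisk >/dev/null 2>&1; then
    printf 'installed: %s\n' "$(asterisk_fix_status "$(asterisk -V)")"
fi

# Constructed sample inventory (not real hosts or real scan output).
for sample in "Asterisk 1.2.15" "1.2.16" "1.4.0-beta2" "1.4.1" "1.6.0"; do
    printf '%-18s %s\n' "$sample" "$(asterisk_fix_status "$sample")"
done
```

A `predates-fix` result means the build is older than the fixed release on its branch and should be upgraded; `unknown` needs a manual check against the release announcements.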