In association with heise online

05 March 2007, 18:57

Asterisk telephony software may crash

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the Asterisk Open Source telephony software have released versions 1.2.16 and 1.4.1, which close a hole that could be used to cause the service to crash. Attackers could exploit the bug to take down the software.

All they need to do is send a specially prepared REGISTER packet to SIP port 5060. The service then needs to be rebooted. A program that demonstrates the problem has already been published. If the service runs on embedded systems, the device may need to be rebooted. The developers recommend installing the new version as quickly as possible. In addition, the Shared Line Appearance (SLA) has been completely revised in version 1.4.1.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit