Two holes in Asterisk telephone system software closed
Two holes have been closed in Asterisk telephone system software; attackers could exploit either vulnerability to crash a system. The first flaw lay in the handling of SIP-INVITE packets with specially prepared headers whose Session Description Protocol (SDP) body contained one valid and one invalid IP address. As a SIP-INVITE packet is the first one sent when a SIP connection is set up, a single UDP packet is all it takes to bring down a SIP telephone or an entire system. This flaw has also been remedied in version 1.2.17.
The second type of crash occurs when a response received from another system carries a SIP response code of 0. This flaw does not affect version 1.2.x. The developers advise users who operate an Asterisk system in a public, untrusted network to upgrade quickly. In addition, the developers have improved support for Shared Line Appearance (SLA).
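Added illustration, not from the article or the linked advisories: a small Python checker that flags the two message shapes described above (an INVITE whose SDP carries an invalid connection address, and a response with status code 0), as one might run over captured SIP traffic in a monitoring script. The sample messages, host names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample messages (not taken from the advisories).
SAMPLE_INVITE = (
    "INVITE sip:100@pbx.example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"       # valid session-level address
    "m=audio 4000 RTP/AVP 0\r\n"
    "c=IN IP4 999.0.0.1\r\n"        # invalid media-level address
)
SAMPLE_RESPONSE = "SIP/2.0 0 Bogus\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n\r\n"


def _split(msg):
    """Split a raw SIP message into its header lines and its body."""
    head, _, body = msg.partition("\r\n\r\n")
    return head.split("\r\n"), body


def check_sip_message(msg):
    """Return a list of findings for one SIP message; an empty list means nothing suspicious."""
    headers, body = _split(msg)
    findings = []
    # Responses start with "SIP/2.0 <code> <reason>"; a status code of 0 is never valid.
    m = re.match(r"SIP/2\.0 (\d+) ", headers[0])
    if m and not 100 <= int(m.group(1)) <= 699:
        findings.append(f"response status code {m.group(1)}")
    # Inspect every SDP connection line (c=<nettype> <addrtype> <address>) in the body.
    for line in body.split("\r\n"):
        if not line.startswith("c="):
            continue
        parts = line[2:].split()
        if len(parts) != 3 or parts[0] != "IN":
            findings.append(f"malformed SDP connection line: {line}")
            continue
        try:
            ipaddress.ip_address(parts[2])
        except ValueError:
            findings.append(f"invalid SDP connection address: {parts[2]}")
    return findings
```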
Just two weeks ago, the developers of Asterisk had to release an update to close a DoS hole in which malformed REGISTER packets tripped up the software.
- Asterisk 1.4.2 released, the release notes for Asterisk
- Asterisk SDP DOS vulnerability, security advisory from the Madynes Research Team
- Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0), security advisory from Digium