Signature Detail
Short Name |
APP:DIGIUM-IAX2-POKE-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Digium Asterisk IAX2 POKE Request Denial of Service |
Release Date |
2011/07/25 |
Update Number |
1960 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Digium Asterisk IAX2 POKE Request Denial of Service
This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can result in a denial-of-service condition.
Extended Description
Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession. Attackers can exploit this issue by sending a persistent stream of 'POKE' requests that will consume processor resources and deny service to legitimate users. NOTE: By default, 'POKE' requests are not logged by Asterisk.
Affected Products
- Asterisk 0.1.11
- Asterisk 0.1.7
- Asterisk 0.1.8
- Asterisk 0.1.9
- Asterisk 0.1.9 -1
- Asterisk 0.2.0
- Asterisk 0.3.0
- Asterisk 0.4.0
- Asterisk 0.4.1
- Asterisk 0.7.0 .0
- Asterisk 0.7.1
- Asterisk 0.7.2
- Asterisk 0.9.0 .0
- Asterisk 1.0.0
- Asterisk 1.0.10
- Asterisk 1.0.11
- Asterisk 1.0.12
- Asterisk 1.0.3.4
- Asterisk 1.0.6
- Asterisk 1.0.7
- Asterisk 1.0.8
- Asterisk 1.0.9
- Asterisk 1.2.0 .0-beta1
- Asterisk 1.2.0 .0-beta2
- Asterisk 1.2.10
- Asterisk 1.2.11
- Asterisk 1.2.13
- Asterisk 1.2.14
- Asterisk 1.2.15
- Asterisk 1.2.16
- Asterisk 1.2.17
- Asterisk 1.2.18
- Asterisk 1.2.19
- Asterisk 1.2.21
- Asterisk 1.2.22
- Asterisk 1.2.23
- Asterisk 1.2.24
- Asterisk 1.2.25
- Asterisk 1.2.26
- Asterisk 1.2.27
- Asterisk 1.2.28
- Asterisk 1.2.29
- Asterisk 1.2.5
- Asterisk 1.2.6
- Asterisk 1.2.7
- Asterisk 1.2.8
- Asterisk 1.2.9
- Asterisk 1.4.1
- Asterisk 1.4.10
- Asterisk 1.4.11
- Asterisk 1.4.12
- Asterisk 1.4.13
- Asterisk 1.4.14
- Asterisk 1.4.15
- Asterisk 1.4.16
- Asterisk 1.4.17
- Asterisk 1.4.18
- Asterisk 1.4.18.1
- Asterisk 1.4.19
- Asterisk 1.4.19.1
- Asterisk 1.4.19-Rc3
- Asterisk 1.4.2
- Asterisk 1.4.3
- Asterisk 1.4.4
- Asterisk 1.4.5
- Asterisk 1.4.6
- Asterisk 1.4.7
- Asterisk 1.4.8
- Asterisk 1.4.9
- Asterisk 1.4 Beta
- Asterisk 1.4 Revision 95946
- Asterisk 1.6
- Asterisk 1.6.0 Beta6
- Asterisk B.2.1
- Asterisk B.2.2.0
- Asterisk B.2.3.6
- Asterisk C.1.0
- Asterisk C.1.0-beta8
- Asterisk
- Asterisk Asterisk Business Edition A
- Asterisk Asterisk Business Edition B
- Asterisk Asterisk Business Edition B.1.3.2
- Asterisk Asterisk Business Edition B.1.3.3
- Asterisk Asterisk Business Edition B.2.2.0
- Asterisk Asterisk Business Edition B.2.2.1
- Asterisk Asterisk Business Edition B.2.3.1
- Asterisk Asterisk Business Edition B.2.3.2
- Asterisk Asterisk Business Edition B.2.3.3
- Asterisk Asterisk Business Edition B.2.3.4
- Asterisk Asterisk Business Edition B.2.3.6
- Asterisk Asterisk Business Edition B.2.5.1
- Asterisk Asterisk Business Edition B.2.5.2
- Asterisk Asterisk Business Edition B.2.5.3
- Asterisk Asterisk Business Edition C
- Asterisk Asterisk Business Edition C.1.0-beta7
- Asterisk Asterisk Business Edition C.1.0-beta8
- Asterisk Asterisk Business Edition C.1.6
- Asterisk Asterisk Business Edition C.1.6.1
- Asterisk Asterisk Business Edition C.1.6.2
- Asterisk Asterisk Business Edition C.1.8.1
- Gentoo Linux
References
- BugTraq: 30321
- CVE: CVE-2008-3263