Signature Detail
Short Name |
VOIP:SIP:ASTERISK-RES-DOS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
VOIP |
Keywords |
Digium Asterisk SIP Invalid Response Code Denial of Service |
Release Date |
2011/07/27 |
Update Number |
1961 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
VOIP: Digium Asterisk SIP Invalid Response Code Denial of Service
This signature detects attempts to exploit a known vulnerability against Digium Asterisk SIP Invalid Response. A successful attack can result in a denial-of-service condition.
Extended Description
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain SIP packets. Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users. Asterisk versions prior to 1.2.18 and 1.4.3 are vulnerable to this issue.
Affected Products
- Asterisk 0.1.11
- Asterisk 0.1.7
- Asterisk 0.1.8
- Asterisk 0.1.9
- Asterisk 0.1.9 -1
- Asterisk 0.2.0
- Asterisk 0.3.0
- Asterisk 0.4.0
- Asterisk 0.7.0 .0
- Asterisk 0.7.1
- Asterisk 0.7.2
- Asterisk 0.9.0 .0
- Asterisk 1.0.0
- Asterisk 1.0.10
- Asterisk 1.0.11
- Asterisk 1.0.12
- Asterisk 1.0.6
- Asterisk 1.0.7
- Asterisk 1.0.8
- Asterisk 1.0.9
- Asterisk 1.2.0 .0-beta1
- Asterisk 1.2.0 .0-beta2
- Asterisk 1.2.10
- Asterisk 1.2.11
- Asterisk 1.2.13
- Asterisk 1.2.14
- Asterisk 1.2.15
- Asterisk 1.2.16
- Asterisk 1.2.17
- Asterisk 1.2.5
- Asterisk 1.2.6
- Asterisk 1.2.7
- Asterisk 1.2.8
- Asterisk 1.2.9
- Asterisk 1.4.1
- Asterisk 1.4.2
- Asterisk 1.4 Beta
- Asterisk Asterisk Appliance Developer Kit 0.4.0
- Asterisk Asterisk Business Edition A
- Asterisk Asterisk Business Edition B.1.3.2
- Asterisk AsteriskNow Beta 5
- Gentoo Linux
- SuSE Linux 10.1
- SuSE openSUSE 10.2
References
- BugTraq: 23093
- CVE: CVE-2007-1594