Signature Detail
Short Name |
VOIP:SIP:ASTERISK-SDP-MEDIA-DOS |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
VOIP |
Keywords |
Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service |
Release Date |
2013/10/24 |
Update Number |
2314 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
VOIP: Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service
This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can result in a denial-of-service condition.
Extended Description
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
Affected Products
- digium asterisk 10.10.0 (rc1)
- digium asterisk 10.10.0 (rc2)
- digium asterisk 10.11.0 (rc1)
- digium asterisk 10.11.0 (rc2)
- digium asterisk 10.11.0 (rc3)
- digium asterisk 10.12.0 (rc1)
- digium asterisk 10.12.0 (rc2)
- digium asterisk 10.12.1
- digium asterisk 10.12.2
- digium asterisk 11.0.0 (beta1)
- digium asterisk 11.0.0 (beta2)
- digium asterisk 11.0.0 (rc1)
- digium asterisk 11.0.0 (rc2)
- digium asterisk 11.0.1
- digium asterisk 11.0.2
- digium asterisk 11.1.0 (rc1)
- digium asterisk 11.1.0 (rc3)
- digium asterisk 11.1.1
- digium asterisk 11.1.2
- digium asterisk 11.2.0 (rc1)
- digium asterisk 11.2.0 (rc2)
- digium asterisk 11.3.0 (rc1)
- digium asterisk 11.3.0 (rc2)
- digium asterisk 11.4.0 (rc1)
- digium asterisk 11.4.0 (rc2)
- digium asterisk 11.4.0 (rc3)
- digium asterisk 11.5.0 (rc1)
- digium asterisk 11.5.0 (rc2)
- digium asterisk 11.5.1
- digium asterisk 1.8.17.0 (rc1)
- digium asterisk 1.8.17.0 (rc2)
- digium asterisk 1.8.17.0 (rc3)
- digium asterisk 1.8.18.0 (rc1)
- digium asterisk 1.8.18.1
- digium asterisk 1.8.19.0 (rc1)
- digium asterisk 1.8.19.0 (rc3)
- digium asterisk 1.8.19.1
- digium asterisk 1.8.20.0 (rc1)
- digium asterisk 1.8.20.0 (rc2)
- digium asterisk 1.8.21.0 (rc1)
- digium asterisk 1.8.21.0 (rc2)
- digium asterisk 1.8.22.0 (rc1)
- digium asterisk 1.8.22.0 (rc2)
- digium asterisk 1.8.23.0 (rc1)
- digium asterisk 1.8.23.0 (rc2)
- digium asterisk_digiumphones 10.0.0 (rc1)
- digium asterisk_digiumphones 10.0.0 (rc2)
- digium asterisk_digiumphones 10.11.0 (rc1)
- digium asterisk_digiumphones 10.11.0 (rc2)
- digium asterisk_digiumphones 10.11.0 (rc3)
- digium asterisk_digiumphones 10.12.0 (rc1)
- digium asterisk_digiumphones 10.12.0 (rc2)
- digium asterisk_digiumphones 10.12.1
- digium asterisk_digiumphones 10.12.2
- digium certified_asterisk 11.2.0 (cert1)
- digium certified_asterisk 11.2.0 (rc1)
- digium certified_asterisk 11.2.0 (rc2)
- digium certified_asterisk 1.8.15 (cert1)
- digium certified_asterisk 1.8.15 (cert1-rc1)
- digium certified_asterisk 1.8.15 (cert1-rc2)
- digium certified_asterisk 1.8.15 (cert1-rc3)
- digium certified_asterisk 1.8.15 (cert2)
- digium certified_asterisk 1.8.15 (rc1)
References
- BugTraq: 62022
- CVE: CVE-2013-5642