Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 VOIP:SIP:DIGIUM-ASTERISK-DOS

Severity

 Medium

Recommended

 Yes

Recommended Action

 Drop

Category

 VOIP

Keywords

 Digium Asterisk SIP Terminated Channel ACK with SDP Denial of Service

Release Date

 2013/10/24

Update Number

 2313

Supported Platforms

 idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

VOIP: Digium Asterisk SIP Terminated Channel ACK with SDP Denial of Service


This signature detects attempts to exploit a known vulnerability against Asterisk Open Source and Certified Asterisk. A successful attack can result in a denial-of-service condition.

Extended Description

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.

Affected Products

  • digium asterisk 11.0.0 (beta1)
  • digium asterisk 11.0.0 (beta2)
  • digium asterisk 11.0.0 (rc1)
  • digium asterisk 11.0.0 (rc2)
  • digium asterisk 11.0.1
  • digium asterisk 11.0.2
  • digium asterisk 11.1.0 (rc1)
  • digium asterisk 11.1.0 (rc3)
  • digium asterisk 11.1.1
  • digium asterisk 11.1.2
  • digium asterisk 11.2.0 (rc1)
  • digium asterisk 11.2.0 (rc2)
  • digium asterisk 11.3.0 (rc1)
  • digium asterisk 11.3.0 (rc2)
  • digium asterisk 11.4.0 (rc1)
  • digium asterisk 11.4.0 (rc2)
  • digium asterisk 11.4.0 (rc3)
  • digium asterisk 11.5.0 (rc1)
  • digium asterisk 11.5.0 (rc2)
  • digium asterisk 11.5.1
  • digium asterisk 1.8.17.0 (rc1)
  • digium asterisk 1.8.17.0 (rc2)
  • digium asterisk 1.8.17.0 (rc3)
  • digium asterisk 1.8.18.0 (rc1)
  • digium asterisk 1.8.18.1
  • digium asterisk 1.8.19.0 (rc1)
  • digium asterisk 1.8.19.0 (rc3)
  • digium asterisk 1.8.19.1
  • digium asterisk 1.8.20.0 (rc1)
  • digium asterisk 1.8.20.0 (rc2)
  • digium asterisk 1.8.21.0 (rc1)
  • digium asterisk 1.8.21.0 (rc2)
  • digium asterisk 1.8.22.0 (rc1)
  • digium asterisk 1.8.22.0 (rc2)
  • digium asterisk 1.8.23.0 (rc1)
  • digium asterisk 1.8.23.0 (rc2)
  • digium certified_asterisk 11.2.0 (cert1)
  • digium certified_asterisk 11.2.0 (rc1)
  • digium certified_asterisk 11.2.0 (rc2)
  • digium certified_asterisk 1.8.15 (cert1)
  • digium certified_asterisk 1.8.15 (cert1-rc1)
  • digium certified_asterisk 1.8.15 (cert1-rc2)
  • digium certified_asterisk 1.8.15 (cert1-rc3)
  • digium certified_asterisk 1.8.15 (cert2)
  • digium certified_asterisk 1.8.15 (rc1)

References

  • BugTraq: 62021
  • CVE: CVE-2013-5641

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out