Signature Detail
Short Name |
VOIP:SIP:SDP:HDR-BOF |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
VOIP |
Keywords |
Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow |
Release Date |
2013/11/20 |
Update Number |
2321 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
VOIP: Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Digium Asterisk. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Extended Description
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.
Affected Products
- asterisk open_source 11.0.0 (beta1)
- asterisk open_source 11.0.0 (beta2)
- asterisk open_source 11.0.0 (rc1)
- asterisk open_source 11.0.0 (rc2)
- asterisk open_source 11.0.1
- asterisk open_source 11.0.2
- asterisk open_source 11.1.0 (rc1)
- asterisk open_source 11.1.0 (rc3)
- asterisk open_source 11.1.1
- asterisk open_source 11.1.2
- asterisk open_source 11.2.0 (rc1)
- asterisk open_source 11.2.0 (rc2)
- asterisk open_source 11.2.1
References
- CVE: CVE-2013-2685