Signature Detail

VOIP: Asterisk Skinny Channel Driver Remote Denial of Service

This signature detects attempts to exploit a known vulnerability against Asterisk Skinny Channel Driver. A successful attack can result in a denial-of-service condition.

Extended Description

Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain specially crafted packets. Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users. These versions are vulnerable: Asterisk Open Source prior to 1.4.10 AsteriskNOW pre-release prior to beta7 Asterisk Appliance Developer Kit prior to 0.7.0 Asterisk s800i (Asterisk Appliance) prior to 1.0.3

Affected Products

• Asterisk 1.4.1
• Asterisk 1.4.2
• Asterisk 1.4.3
• Asterisk 1.4.4
• Asterisk 1.4.7
• Asterisk 1.4.8
• Asterisk 1.4.9
• Asterisk 1.4 Beta
• Asterisk Asterisk Appliance Developer Kit 0.2.0
• Asterisk Asterisk Appliance Developer Kit 0.3.0
• Asterisk Asterisk Appliance Developer Kit 0.4.0
• Asterisk Asterisk Appliance Developer Kit 0.5.0
• Asterisk Asterisk Appliance Developer Kit 0.6.0
• Asterisk AsteriskNow Beta 5
• Asterisk AsteriskNow Beta 6
• Asterisk s800i Appliance 1.0.0
• Asterisk s800i Appliance 1.0.1
• Asterisk s800i Appliance 1.0.2

References

• BugTraq: 25228
• BugTraq: 24950
• CVE: CVE-2007-4280
• CVE: CVE-2007-3764