asterisk
- Author: voroskoi
- Vulnerable: 1.4.8-1terminus1
- Unaffected: 1.4.11-1terminus1
Three vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
- The IAX2 Channel Driver improperly processes “NEW” packets. Sending multiple “NEW” packets for valid extensions to the server allocates resources that are never freed. Successful exploitation results in a DoS, but requires that the IAX2 Channel Driver is configured to allow unauthenticated calls.
- The Skinny channel driver (chan_skinny) improperly processes packets. A “CAPABILITIES_RES_MESSAGE” packet with a capabilities count greater than the total number of items in the “capabilities_res_message” array crashes the application.
- The SIP Dialog History of the SIP channel driver (chan_sip) records all history items (88 bytes per item) in memory. Causing a high number of logged items leads to a DoS through memory exhaustion.
- Bug Tracker URL: http://bugs.frugalware.org/task/2328
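
The chan_skinny issue comes down to trusting a sender-supplied count when filling a fixed-size array. The C sketch below is an added example, not Asterisk's code: the packet layout, `MAX_CAPS`, `parse_caps` and `build_sample` are assumptions made for illustration. It shows the two checks a parser needs before copying entries: the count must fit the array, and the packet must actually carry that many entries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CAPS 18                 /* assumed array size, not Asterisk's value */
struct cap_entry { uint32_t codec, frames; };   /* hypothetical entry layout */

/* Parse a capabilities response: a 32-bit count followed by count entries
 * (host byte order assumed). Returns entries stored, or -1 if rejected. */
int parse_caps(const uint8_t *pkt, size_t len, struct cap_entry out[MAX_CAPS])
{
    uint32_t count;

    if (len < sizeof(count))
        return -1;                              /* too short to hold the count */
    memcpy(&count, pkt, sizeof(count));
    if (count > MAX_CAPS)
        return -1;                              /* count exceeds the fixed array */
    if ((len - sizeof(count)) / sizeof(struct cap_entry) < count)
        return -1;                              /* count exceeds data received */
    memcpy(out, pkt + sizeof(count), count * sizeof(struct cap_entry));
    return (int)count;
}

/* Build a constructed sample packet that claims `claimed` entries while
 * carrying `actual` entries. Returns the packet length. */
size_t build_sample(uint8_t *buf, uint32_t claimed, uint32_t actual)
{
    struct cap_entry e;
    memcpy(buf, &claimed, sizeof(claimed));
    for (uint32_t i = 0; i < actual; i++) {
        e.codec = i + 1; e.frames = 20;
        memcpy(buf + sizeof(claimed) + i * sizeof(e), &e, sizeof(e));
    }
    return sizeof(claimed) + actual * sizeof(e);
}

int main(void)
{
    uint8_t buf[4 + 64 * sizeof(struct cap_entry)];
    struct cap_entry caps[MAX_CAPS];
    printf("honest:    %d\n", parse_caps(buf, build_sample(buf, 3, 3), caps));
    printf("oversized: %d\n", parse_caps(buf, build_sample(buf, 40, 40), caps));
    printf("truncated: %d\n", parse_caps(buf, build_sample(buf, 5, 2), caps));
    return 0;
}
```

Without the first check, a loop or copy driven by the claimed count would run past the end of the fixed array, which is the crash condition the advisory describes.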