Vigil@nce: Asterisk, denial of service via IAX2 or Skinny
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities of Asterisk, in order to
create a denial of service.
– Severity: 2/4
– Creation date: 30/05/2012
IMPACTED PRODUCTS
– Asterisk Open Source
– Debian Linux
– Fedora
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in Asterisk.
When an established call is placed on hold with no "music-on-hold"
(with mohinterpret=passthrough), an invalid pointer is used in
IAX2, which stops the service. [severity:2/4; AST-2012-007,
BID-53722, CVE-2012-2947]
A remote attacker can close a SCCP/Skinny connection when the
server is in the state "Off hook", in order to dereference a NULL
pointer, which stops the service. [severity:2/4; AST-2012-008,
BID-53723, CVE-2012-2948]
An attacker can therefore use two vulnerabilities of Asterisk, in
order to create a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Asterisk-denial-of-service-via-IAX2-or-Skinny-11660