1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA32956

Asterisk IAX2 User Authentication Denial of Service

Report ID: SA32956
Source: Secunia
Date of Discovery: 11.12.2008
Criticality: Low
Affects:
Asterisk 1.x
Asterisk Business Edition 2.x
Compromise From: From local network
Compromise Type: DoS

Summary

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

Detailed Description

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the IAX2 implementation when handling realtime IAX2 users. This can be exploited to crash the Asterisk server by e.g. trying to authenticate as unknown user or as user using hostname matching.

The vulnerability is reported in Asterisk Open Source 1.2.26 through 1.2.30.3 and Asterisk Business Edition B.2.3.5 through B.2.5.5.

Solution

Asterisk Open Source:
Update to version 1.2.30.4.

Asterisk Business Edition:
Update to version B.2.5.6.