Release date: 2011-12-08
Updated on: 2011-12-09
Affected Systems:
Asterisk 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50989
Asterisk is a free and open-source software that enables the Telephone User Switch (PBX) function.
Asterisk has a security vulnerability in implementation. Attackers can exploit this vulnerability to cause invalid memory locations for server reference and DOS.
When the "automon" feature in features. conf is enabled, the SIP request sequence may be sent, resulting in Null Pointer Reference and crash.
<* Source: Terry Wilson
Link: http://seclists.org/fulldisclosure/2011/Dec/255
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Asterisk
--------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://downloads.asterisk.org/pub/security/