vendor:
Asterisk
by:
Unknown
7.5
CVSS
HIGH
Segmentation Fault
Unknown
CWE
Product Name: Asterisk
Affected Version From: Unknown
Affected Version To: 1.2.15 and 1.4.0
Patch Exists: YES
Related CWE: Unknown
CPE: Unknown
Platforms Tested:
Unknown
Asterisk SIP Killer
This exploit causes Asterisk to segfault by sending a specially crafted REGISTER request. The bug that this exploit targets has been patched in release 1.2.16 and 1.4.1. The exploit sends a REGISTER request with specific headers and causes a segmentation fault in the register_verify function in chan_sip.c.
Mitigation:
Apply the patch provided in release 1.2.16 or 1.4.1 to fix the vulnerability.