|
Brought to you by:
Suppliers of:
|
|
|
| |
| By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG. |
| |
Credit:
The information has been provided by Jeremy McNamara.
The original article can be found at: http://downloads.digium.com/pub/security/AST-2008-010.html
|
| |
Vulnerable Systems:
* Asterisk Open Source version 1.0.x
* Asterisk Open Source versions prior to 1.2.30
* Asterisk Open Source versions prior to 1.4.21.2
* Asterisk Business Edition version A.x.x
* Asterisk Business Edition versions prior to B.2.5.4
* Asterisk Business Edition versions prior to C.1.10.3
* AsteriskNOW pre-release
* Asterisk Appliance Developer Kit version 0.x.x
* s800i (Asterisk Appliance) versions prior to 1.2.0.1
Immune Systems:
* Asterisk Open Source version 1.2.30
* Asterisk Open Source version 1.4.21.2
* Asterisk Business Edition version B.2.5.4
* Asterisk Business Edition version C.1.10.3
* Asterisk Business Edition version C.2.0.3
* s800i (Asterisk Appliance) version 1.2.0.1
Resolution:
The implementation has been changed to no longer allocate an IAX2 call number for POKE requests. Instead, call number 1 has been reserved for all responses to POKE requests, and ACK packets referencing call number 1 will be silently dropped.
CVE Information:
CVE-2008-3263
|
|
|
|
|
