BID:51581

Asterisk SRTP Video Denial Of Service Vulnerability

Info

Asterisk SRTP Video Denial Of Service Vulnerability

Bugtraq ID:	51581
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2012-0885
Remote:	Yes
Local:	No
Published:	Jan 20 2012 12:00AM
Updated:	Feb 27 2012 05:50PM
Credit:	Catalin Sanda
Vulnerable:	Gentoo Linux Asterisk Asterisk 1.8.4 2 Asterisk Asterisk 1.8.4 1 Asterisk Asterisk 1.8.2 4 Asterisk Asterisk 1.8.1 Asterisk Asterisk 1.8 Asterisk Asterisk 10.0 Asterisk Asterisk 1.8.7.2 Asterisk Asterisk 1.8.7.1 Asterisk Asterisk 1.8.4.4 Asterisk Asterisk 1.8.4.3 Asterisk Asterisk 1.8.3.3 Asterisk Asterisk 1.8.3.1 Asterisk Asterisk 1.8.2.1 Asterisk Asterisk 1.8.1.2 Asterisk Asterisk 1.8

Not Vulnerable:	Asterisk Asterisk 10.0.1 Asterisk Asterisk 1.8.8 2

Discussion

Asterisk SRTP Video Denial Of Service Vulnerability

Asterisk is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the server to crash, resulting in a denial-of-service condition.

Asterisk versions prior to 10.0.1 and 1.8.8.2 are affected.

Exploit / POC

Asterisk SRTP Video Denial Of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Asterisk SRTP Video Denial Of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Asterisk SRTP Video Denial Of Service Vulnerability

References:

Asterisk Homepage (Asterisk)
Asterisk Project Security Advisory - AST-2012-001 (Asterisk)