Digium.Asterisk.T.38.Buffer.Overflow
Description
This indicates an attempt to exploit a remote code-execution vulnerability in Asterisk.
The vulnerability is caused by a stack-based buffer overflow in the process_sdp function in chan_sip.c. It allows remote attackers to execute arbitrary code.
Affected Products
Asterisk AsteriskNow Beta 5
Asterisk Asterisk 1.4.2
Asterisk Asterisk 1.4.1
Asterisk Asterisk 1.4 Beta
Asterisk Appliance Developers Kit 0.3
Impact
System compromise: Remote code execution.
Recommended Actions
Apply the patch, available from the following web sites:
Asterisk Asterisk 1.4 Beta
Asterisk Asterisk 1.4.1
Asterisk Asterisk 1.4.2
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-10-22 | 16.948 | Name:Asterisk. T. 38. Buffer. Overflow:Digium. Asterisk. T. 38. Buffer. Overflow |