SDP.Invalid.RTP.Payload.Type.Number.Memory.Corruption
Description
This indicates an attempt to exploit a memory corruption vulnerability in Digium Asterisk.
The vulnerability is caused by insufficient validation of user-supplied data in the Session Description Protocol (SDP) payload.
Affected Products
Asterisk s800i Appliance 1.1 0
Asterisk AsteriskNow 1.0
Asterisk Asterisk Business Edition C.1.0-beta8
Asterisk Asterisk Business Edition C.1.0-beta7
Asterisk Asterisk Appliance Developer Kit 1.4
Asterisk Asterisk 1.4.17
Asterisk Asterisk 1.4.16
Asterisk Asterisk 1.4.15
Asterisk Asterisk 1.4.14
Asterisk Asterisk 1.4.13
Asterisk Asterisk 1.4.12
Asterisk Asterisk 1.4.11
Asterisk Asterisk 1.4.10
Asterisk Asterisk 1.4.9
Asterisk Asterisk 1.4.8
Asterisk Asterisk 1.4.7
Asterisk Asterisk 1.4.6
Asterisk Asterisk 1.4.5
Asterisk Asterisk 1.4.4
Asterisk Asterisk 1.4.3
Asterisk Asterisk 1.4.2
Asterisk Asterisk 1.4.1
Asterisk Asterisk 1.4 revision 95946
Asterisk Asterisk 1.4 Beta
Impact
System Compromise
Denial of Service
Recommended Actions
Apply the latest update from the vendor:
http://downloads.digium.com/pub/security/AST-2008-002.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |