Intrusion Prevention

SDP.Invalid.RTP.Payload.Type.Number.Memory.Corruption

Description

This indicates an attempt to exploit a memory corruption vulnerability in Digium Asterisk.
The vulnerability is caused by insufficient validation of user-supplied data in the Session Description Protocol (SDP) payload.

Affected Products

Asterisk s800i Appliance 1.1 0
Asterisk AsteriskNow 1.0
Asterisk Asterisk Business Edition C.1.0-beta8
Asterisk Asterisk Business Edition C.1.0-beta7
Asterisk Asterisk Appliance Developer Kit 1.4
Asterisk Asterisk 1.4.17
Asterisk Asterisk 1.4.16
Asterisk Asterisk 1.4.15
Asterisk Asterisk 1.4.14
Asterisk Asterisk 1.4.13
Asterisk Asterisk 1.4.12
Asterisk Asterisk 1.4.11
Asterisk Asterisk 1.4.10
Asterisk Asterisk 1.4.9
Asterisk Asterisk 1.4.8
Asterisk Asterisk 1.4.7
Asterisk Asterisk 1.4.6
Asterisk Asterisk 1.4.5
Asterisk Asterisk 1.4.4
Asterisk Asterisk 1.4.3
Asterisk Asterisk 1.4.2
Asterisk Asterisk 1.4.1
Asterisk Asterisk 1.4 revision 95946
Asterisk Asterisk 1.4 Beta

Impact

System Compromise
Denial of Service

Recommended Actions

Apply the latest update from the vendor:
http://downloads.digium.com/pub/security/AST-2008-002.html

CVE References

CVE-2008-1289