Intrusion Prevention

Digium.Asterisk.Skinny.Channel.Null.Pointer.Dereference.DoS

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in Digium Asterisk.
The vulnerability is due to an input validation error when handling closing of connection while the server is in a certain state. A remote attack may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

Digium Asterisk Open Source 1.8 prior to 1.8.12.1
Digium Asterisk Open Source 10 prior to 10.4.1

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply patch available from the website.
http://downloads.asterisk.org/pub/security/AST-2012-008.html

CVE References

CVE-2012-2948