Intrusion Prevention

Asterisk.Chan.Skinny.Large.Memcpy.DoS

Description

This indicates an attack attempt against a Denial of Service vulnerability in the Skinny channel driver (chan_skinny) in Asterisk.
The vulnerability is caused by an error when the vulnerable software handles a crafted packet with certain data length value. A remote attack may be able to exploit this to cause a denial of service condition on the affected system via a crafted packet.

Affected Products

Asterisk AsteriskNow Beta 6
Asterisk AsteriskNow Beta 5
Asterisk Asterisk Business Edition B.2.2.0
Asterisk Asterisk Business Edition B.1.3.3
Asterisk Asterisk Business Edition B.1.3.2
Asterisk Asterisk Business Edition A
Asterisk Asterisk Appliance Developer Kit 0.4
Asterisk Asterisk 1.4.7
Asterisk Asterisk 1.4.4
Asterisk Asterisk 1.4.3
Asterisk Asterisk 1.4.2
Asterisk Asterisk 1.4.1
Asterisk Asterisk 1.2.21
Asterisk Asterisk 1.2.19
Asterisk Asterisk 1.2.18
Asterisk Asterisk 1.2.17
Asterisk Asterisk 1.2.16
Asterisk Asterisk 1.2.15
Asterisk Asterisk 1.2.14
Asterisk Asterisk 1.2.13
Asterisk Asterisk 1.2.11
Asterisk Asterisk 1.2.11
Asterisk Asterisk 1.2.10
Asterisk Asterisk 1.2 .0-beta2
Asterisk Asterisk 1.2 .0-beta1
Asterisk Asterisk 1.0.12
Asterisk Asterisk 1.0.11
Asterisk Asterisk 1.0.10
Asterisk Asterisk 1.0.9
Asterisk Asterisk 1.0.8
Asterisk Asterisk 1.0.7
Asterisk Asterisk 1.0.6
Asterisk Asterisk 1.0
Asterisk Asterisk B.2.1
Asterisk Asterisk 1.4 Beta
Asterisk Appliance Developers Kit 0.3

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest versions:
http://www.digium.com

CVE References

CVE-2007-3764