Condorlab

Asterisk – Bug in chan_sip allows a DoS in Asterisk products


Advisory ID: RSN-SIP-1555


Vulnerability Information

 

A vulnerability in chan_sip allows a denial of service to be triggered in Asterisk Open Source 11.X, 13.X and Certified Asterisk 11.6, 13.8.


Release Date

2017-04-17 00:00:00

 

Asterisk is an open source framework for the creation of communications applications. Asterisk turns a normal computer into a communications server. Asterisk works with IP PBX systems, VoIP gateways, call centers, conference servers and other customized solutions.


Technical Information

 

This vulnerability, identified as CVE-2016-7551, allows a custom sequence of SIP requests, or manipulation of the marking function in chan_sip, to exhaust the resources in a port. chan_sip does not correctly release old memory fields, which results in a DoS.

 


Solutions

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team, Condor-Labs.com, is constantly looking for new attack patterns and advanced penetration testing methods, identifying vulnerabilities and deploying new signatures for subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

Asterisk Project Security Advisory

http://downloads.asterisk.org/pub/security/AST-2016-007.html

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551