Actu
Vigil@nce: Asterisk, denial of service in pedantic mode
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
When Asterisk is configured in pedantic mode, an authenticated
attacker can stop it.
Gravity: 1/4
Consequences: denial of service of service
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 11/03/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
When Asterisk is configured in pedantic mode, additional checks
are done on messages.
One of these checks is to compare response headers and query
headers. However, if a header is missing, Asterisk dereferences a
NULL pointer.
When Asterisk is configured in pedantic mode, an authenticated
attacker can thus stop it.
CHARACTERISTICS
Identifiers: AST-2009-002, BID-34070, VIGILANCE-VUL-8528
http://vigilance.fr/vulnerability/Asterisk-denial-of-service-in-pedantic-mode-8528
