Bug#435521: Asterisk SIP DOS Vulnerability
Massimiliano Toce
massimiliano.toce at gmail.com
Wed Aug 1 10:40:01 UTC 2007
Package: asterisk
Version: 1:1.2.13~dfsg-2
Severity: critical
Tags: security
Asterisk crashes when handles a REGISTER message with no URI and no
SIP-Version. See http://labs.musecurity.com/advisories/MU-200703-01.txt for
more details.
We found it using S.T.R.E.S.S.: a software for security testing
(http://lart.det.unifi.it/Members/rosi/stress
). We are using Debian GNU/Linux 4.0, kernel 2.6.18-4-686.
regards,
Massimiliano Toce, Leonardo Maccari, Matteo Rosi
--
Studente presso l'Università degli Studi di Firenze
Recapiti:
tel: 3285831606
e-mail: massimiliano.toce at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20070801/f22519ae/attachment.htm
More information about the Pkg-voip-maintainers
mailing list