ID de Prueba:	1.3.6.1.4.1.25623.1.0.9999991
Categoría:	Denial of Service
Título:	Asterisk PBX NULL Pointer Dereference Overflow
Resumen:	Asterisk PBX is prone to a remote buffer overflow vulnerability.
Descripción:	Summary: Asterisk PBX is prone to a remote buffer overflow vulnerability. Vulnerability Insight: The application suffers from a null pointer dereference overflow in the SIP service. Vulnerability Impact: When sending a malformed SIP packet with no URI and version in the request an attacker can trigger a Denial of Service and shutdown the application resulting in a loss of availability. Solution: Upgrade to Asterisk PBX release 1.4.1 or 1.2.16. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1306 BugTraq ID: 22838 http://www.securityfocus.com/bid/22838 CERT/CC vulnerability note: VU#228032 http://www.kb.cert.org/vuls/id/228032 Debian Security Information: DSA-1358 (Google Search) http://www.debian.org/security/2007/dsa-1358 http://security.gentoo.org/glsa/glsa-200703-14.xml http://labs.musecurity.com/advisories/MU-200703-01.txt http://www.osvdb.org/33888 http://www.securitytracker.com/id?1017723 http://secunia.com/advisories/24380 http://secunia.com/advisories/24578 http://secunia.com/advisories/25582 SuSE Security Announcement: SUSE-SA:2007:034 (Google Search) http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.vupen.com/english/advisories/2007/0830 XForce ISS Database: asterisk-sip-channeldriver-dos(32830) https://exchange.xforce.ibmcloud.com/vulnerabilities/32830
Copyright	Copyright (C) 2008 Ferdy Riphagen

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.