A denial of service flaw was found in the way Asterisk processed malformed Contact headers in SIP calls. A remote attacker could use this flaw to cause asterisk server crash via specially-crafted Contact header sent in a reply upon initialization of a SIP call. References: [1] http://packetstormsecurity.org/files/view/101966/AST-2011-007.txt [2] http://seclists.org/fulldisclosure/2011/Jun/39 Upstream patch (against v1.8.x branch): [3] http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff
This issue affects the version of the asterisk package, as shipped with Fedora release of 15 and as present within EPEL-6 repository. Please schedule and update. -- This issue did NOT affect the versions of the asterisk package (v1.6.2.17.2 based), as shipped with Fedora release of 13 and 14. Confirmation from Jonathan Rose of Asterisk upstream follows: " This is correct. Only 1.8 is affected and this is due to a major overhaul in the sip channel driver to handle URI parsing in a more generic fashion. I've tested crash causing exploits against 1.6 and 1.4 and neither were prone to the malformed URI attack."
Created asterisk tracking bugs for this issue Affects: fedora-15 [bug 710443] Affects: epel-6 [bug 710444]