Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
VOIP:SIP:ASTERISK-RTCP-RCE |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
VOIP |
Keywords |
Digium Asterisk Compound RTCP Out-Of-Bounds Write |
Release Date |
2018/01/18 |
Update Number |
3027 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
VOIP: Digium Asterisk Compound RTCP Out-Of-Bounds Write
This signature detects attempts to exploit a known out-of-bounds vulnerability in Digium Asterisk. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted RTCP packet to the target server. Successful exploitation could cause denial-of-service conditions or, in the worst case, arbitrary code execution in the security context of Asterisk.
Extended Description
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
Affected Products
- Digium asterisk 13.0.0
- Digium asterisk 13.0.1
- Digium asterisk 13.0.2
- Digium asterisk 13.1.0
- Digium asterisk 13.10.0
- Digium asterisk 13.1.1
- Digium asterisk 13.11.0
- Digium asterisk 13.11.1
- Digium asterisk 13.11.2
- Digium asterisk 13.12
- Digium asterisk 13.12.0
- Digium asterisk 13.12.1
- Digium asterisk 13.12.2
- Digium asterisk 13.13
- Digium asterisk 13.13.0
- Digium asterisk 13.13.1
- Digium asterisk 13.14.0
- Digium asterisk 13.14.1
- Digium asterisk 13.15.0
- Digium asterisk 13.15.1
- Digium asterisk 13.16.0
- Digium asterisk 13.17.0
- Digium asterisk 13.17.1
- Digium asterisk 13.17.2
- Digium asterisk 13.18.0
- Digium asterisk 13.18.1
- Digium asterisk 13.18.2
- Digium asterisk 13.18.3
- Digium asterisk 13.2.0
- Digium asterisk 13.2.1
- Digium asterisk 13.3.0
- Digium asterisk 13.3.1
- Digium asterisk 13.3.2
- Digium asterisk 13.4.0
- Digium asterisk 13.5.0
- Digium asterisk 13.6.0
- Digium asterisk 13.7.0
- Digium asterisk 13.7.1
- Digium asterisk 13.7.2
- Digium asterisk 13.8.0
- Digium asterisk 13.8.1
- Digium asterisk 13.8.2
- Digium asterisk 13.9.0
- Digium asterisk 13.9.1
- Digium asterisk 14.0.0
- Digium asterisk 14.01
- Digium asterisk 14.0.1
- Digium asterisk 14.02
- Digium asterisk 14.0.2
- Digium asterisk 14.1
- Digium asterisk 14.1.0
- Digium asterisk 14.1.1
- Digium asterisk 14.1.2
- Digium asterisk 14.2
- Digium asterisk 14.2.0
- Digium asterisk 14.2.1
- Digium asterisk 14.3.0
- Digium asterisk 14.3.1
- Digium asterisk 14.4.0
- Digium asterisk 14.4.1
- Digium asterisk 14.5.0
- Digium asterisk 14.6.0
- Digium asterisk 14.6.1
- Digium asterisk 14.6.2
- Digium asterisk 14.7.0
- Digium asterisk 14.7.1
- Digium asterisk 14.7.2
- Digium asterisk 14.7.3
- Digium asterisk 15.0.0
- Digium asterisk 15.1.0
- Digium asterisk 15.1.1
- Digium asterisk 15.1.2
- Digium asterisk 15.1.3
- Digium certified_asterisk 13.13
References
- BugTraq: 102201
- CVE: CVE-2017-17664