Asterisk SIP INVITE ACL Security Bypass
SECUNIA ADVISORY ID: SA37056
VERIFY ADVISORY: http://secunia.com/advisories/37056/
DESCRIPTION: A vulnerability has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to Asterisk not properly enforcing ACLs when handling SIP INVITEs. This can be exploited to e.g. place calls even though the caller's source network is forbidden via the "deny" and "permit" options in sip.conf. Because the ACL check itself is skipped on this code path, tightening the deny/permit entries does not mitigate the issue; updating or patching is required.
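Added worked example (not part of the Secunia or Asterisk advisory): a small re-implementation of how Asterisk evaluates the permit/deny entries from sip.conf, so the check the affected INVITE handler was skipping is visible. The semantics mirrored here are those of Asterisk's ast_apply_ha(): entries are evaluated in order, the last matching entry wins, and an address that matches no entry is allowed. The peer definition, addresses and the handle_invite() simulation are constructed for illustration; the acl_enforced flag only models the behaviour the advisory describes and is not an Asterisk option.

```python
"""
Asterisk-style permit/deny ACL evaluation, written as an added example.
Mirrors ast_apply_ha(): ordered evaluation, last match wins, default allow.
All configuration and addresses below are constructed sample data.
"""
import ipaddress


def parse_acl(config_lines):
    """Parse permit=/deny= lines from a sip.conf peer section.

    Asterisk accepts 'addr/netmask', 'addr/prefixlen' or a bare 'addr'
    (which is treated as a single host, i.e. /32).
    """
    rules = []
    for line in config_lines:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key not in ("permit", "deny"):
            continue  # type=, host=, etc. are not ACL entries
        addr, _, mask = value.strip().partition("/")
        if not mask:
            mask = "255.255.255.255"  # bare address means a single host
        network = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((key, network))
    return rules


def apply_acl(rules, source_ip):
    """Return True if the source address is allowed by the ACL.

    Starts from 'allow' (AST_SENSE_ALLOW) and lets every matching entry
    overwrite the verdict, so the LAST matching entry decides.
    """
    ip = ipaddress.ip_address(source_ip)
    allowed = True
    for sense, network in rules:
        if ip in network:
            allowed = (sense == "permit")
    return allowed


def handle_invite(rules, source_ip, acl_enforced=True):
    """Simulated INVITE dispatch (constructed, not Asterisk code).

    acl_enforced=False models the unpatched 1.6.1.x behaviour described in
    the advisory: the peer's ACL is never consulted, so a denied network can
    still place calls. The real fix is to update to 1.6.1.8 or apply the patch.
    """
    if acl_enforced and not apply_acl(rules, source_ip):
        return "rejected"
    return "accepted"


# Constructed sip.conf peer: deny everything, then permit the office LAN
# and one specific host. Order matters because the last match wins.
SAMPLE_PEER = """
[office-phone]
type=friend
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0
permit=10.0.0.5
""".splitlines()

# Constructed misconfiguration: permit listed BEFORE a catch-all deny.
# The deny entry matches last for every address, so nobody is allowed.
WRONG_ORDER_PEER = """
[misordered-phone]
type=friend
host=dynamic
permit=192.168.1.0/255.255.255.0
deny=0.0.0.0/0.0.0.0
""".splitlines()


if __name__ == "__main__":
    rules = parse_acl(SAMPLE_PEER)
    for ip in ("192.168.1.20", "10.0.0.5", "203.0.113.9"):
        print(f"{ip:>14}: patched={handle_invite(rules, ip)} "
              f"unpatched={handle_invite(rules, ip, acl_enforced=False)}")
    print("misordered ACL allows 192.168.1.20:",
          apply_acl(parse_acl(WRONG_ORDER_PEER), "192.168.1.20"))
```

The misordered peer is worth keeping in mind when verifying a fixed install: after updating, a peer whose entries are in the wrong order will reject every INVITE, which looks like a regression but is the ACL finally being enforced.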
The vulnerability is reported in all Asterisk Open Source 1.6.1 versions prior to 1.6.1.8.
SOLUTION: Update to version 1.6.1.8 or apply patch.
Asterisk Open Source 1.6.1.8: http://downloads.asterisk.org/pub/telephony/asterisk/
Patch: http://downloads.asterisk.org/pub/security/AST-2009-007-1.6.1.diff.txt
PROVIDED AND/OR DISCOVERED BY: The vendor credits Thomas Athineou.
ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2009-007.html
