
Asterisk - Remote hacker automatic control

Version: 1.4.2 and prior.
Technical Details:

Multiple remote, unauthenticated stack overflows exist in Asterisk's chan_sip.c: two closely related stack-based buffer overflows in the SIP/SDP handler.

These vulnerabilities can be triggered with a number of different SIP messages affecting calls received by Asterisk, or in response to calls made by Asterisk.


Asterisk is vulnerable to two related issues affecting handling of SIP/SDP network traffic. These issues can lead to an attacker taking control of a vulnerable server / system that is running Asterisk.

Asterisk developers have released an update to address these issues.


Update to the latest versions of Asterisk or AsteriskNOW as appropriate.



NGS Software (nisr <at>



External Tracking Data:
