The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

security note CVE-2019-13161

Asterisk: denial of service via chan_sip

Synthesis of the vulnerability

An attacker can trigger a fatal error via chan_sip in Asterisk, in order to cause a denial of service.
Severity of this weakness: 2/4.
Creation date: 12/07/2019.
References of this bulletin: AST-2019-003, CERTFR-2019-AVI-329, CVE-2019-13161, DLA-2017-1, DLA-2017-2, VIGILANCE-VUL-29754.

Description of the vulnerability

An attacker can trigger a fatal error via chan_sip in Asterisk, in order to cause a denial of service.

This threat announcement affects software or systems such as Asterisk Open Source, Debian.

Our Vigil@nce team determined that the severity of this cybersecurity alert is medium.

The trust level is "confirmed by the editor", and the origin is "intranet client".

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Asterisk: version 16.4.1.
Version 16.4.1 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk: version 15.7.3.
Version 15.7.3 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases

Asterisk: version 13.27.1.
Version 13.27.1 is fixed:
  https://downloads.asterisk.org/pub/telephony/asterisk/releases

Debian 8: new asterisk packages.
New packages are available:
  Debian 8: asterisk 1:11.13.1~dfsg-2+deb8u8
