N/A

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

N/A

N/A

Asterisk-addons OOH323通道驱动 远程拒绝服务漏洞

Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk Addons所提供的ooh323通道驱动使用TCP连接内部传送命令，报文负载包括处理命令后所要释放的内存地址。如果远程攻击者向监听的TCP套接字发送了任意数据的话，由于命令处理器会试图释放无效的内存，因此可能导致崩溃。监听的TCP套接字绑定在ooh323.conf文件的bindaddr选项所指定的IP地址。

N/A

N/A