Asterisk res_pjsip_pubsub Denial of Service

January 2, 2015

Asterisk is a software implementation of a telephone private branch exchange (PBX). It allows attached telephones to make calls to one another, and to connect to other telephone services, such as the public switched telephone network (PSTN) and Voice over Internet Protocol (VoIP) services. Asterisk supports a wide range of Voice over IP protocols, including the Session Initiation Protocol (SIP), the Media Gateway Control Protocol (MGCP), and H.323.

The Session Initiation Protocol (SIP) is a signaling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks. The protocol defines the messages that are sent between endpoints, which govern establishment, termination and other essential elements of a call. SIP can be used for creating, modifying and terminating sessions consisting of one or several media streams. It is a text-based protocol with syntax similar to that of HTTP. A typical SIP request has the following format:

A denial of service vulnerability exists in Asterisk's res_pjsip_pubsub module. The vulnerability is due to improper handling of a crafted header in a SIP SUBSCRIBE request. A remote authenticated user can cause a denial of service (crash) of the target Asterisk server by exploiting this vulnerability.

The Dell SonicWALL Threat team has researched this vulnerability and released the following IPS signature to protect their customers:

  • 6152 Asterisk Open Source res_pjsip_pubsub DoS

This vulnerability is referred to as CVE-2014-6609.