CVE-2008-0095

Asterisk Appliance Developer Kit - Resource Management Error

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0095. PoCs published by greyvoip.

AI-analyzed exploit summary This exploit is a crafted SIP BYE message that triggers a denial-of-service (DoS) condition in Asterisk by causing the application to crash. The vulnerability is exploited by sending a malformed SIP packet with an 'Also' header, which the software fails to handle properly.

Description

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC

by greyvoip · textdosmultiple

https://www.exploit-db.com/exploits/30974

View Code ZIP pw:eip

This exploit is a crafted SIP BYE message that triggers a denial-of-service (DoS) condition in Asterisk by causing the application to crash. The vulnerability is exploited by sending a malformed SIP packet with an 'Also' header, which the software fails to handle properly.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Asterisk (versions affected by CVE-2008-0095)

No auth needed

Prerequisites: Network access to the target Asterisk server · Ability to send SIP messages to the target

MITRE ATT&CK