CVE-2011-4598 in Asterisk
Summary
by MITRE
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 11/28/2021
The vulnerability described in CVE-2011-4598 represents a critical denial of service flaw within the Asterisk open source telephony platform, specifically affecting versions prior to 1.6.2.21 and 1.8.7.2. This issue manifests in the handle_request_info function located within the SIP channel driver implementation at channels/chan_sip.c. The vulnerability becomes exploitable when the automon feature is enabled, which is a monitoring function designed to automatically record incoming and outgoing calls. The flaw stems from inadequate input validation and error handling within the SIP request processing pipeline, creating a scenario where malicious actors can craft specially formatted SIP messages to trigger system instability.
The technical exploitation of this vulnerability occurs through a carefully constructed sequence of SIP requests that manipulate the state of the SIP channel handler. When automon is active, the system attempts to process and log information about incoming SIP requests, but the handle_request_info function fails to properly validate or sanitize the incoming data structures. This leads to a NULL pointer dereference condition where the application attempts to access memory at address zero, resulting in an immediate crash of the Asterisk daemon process. The vulnerability is particularly concerning because it can be triggered remotely without requiring authentication, making it accessible to any attacker who can send SIP packets to the target system.
The operational impact of this vulnerability extends beyond simple service disruption, as it can be leveraged to create persistent denial of service conditions that can severely impact telephony infrastructure. Organizations relying on Asterisk for their communication systems face significant risk when running vulnerable versions, as attackers can repeatedly exploit this flaw to crash the telephony service, potentially disrupting business communications, emergency services, or critical infrastructure that depends on SIP-based voice communications. The vulnerability also demonstrates poor defensive programming practices that could indicate additional weaknesses in the codebase, particularly around input validation and error handling mechanisms that are fundamental to secure software design.
Mitigation strategies for this vulnerability require immediate patching of affected Asterisk installations to versions 1.6.2.21 or 1.8.7.2, which contain the necessary fixes for the NULL pointer dereference issue. System administrators should also consider disabling the automon feature if it is not essential for operations, as this removes the attack vector entirely. Network-level protections such as firewall rules that restrict SIP traffic to trusted sources and intrusion detection systems that monitor for suspicious SIP request patterns can provide additional layers of defense. From a security compliance perspective, this vulnerability aligns with CWE-476 which addresses NULL pointer dereference conditions, and it maps to ATT&CK technique T1499.004 related to network denial of service attacks. Organizations should implement comprehensive vulnerability management processes to identify and remediate similar issues in their telephony infrastructure, as the attack surface for VoIP systems continues to expand with increasing adoption of SIP-based communications across enterprise environments.