Skinny Channel Driver Remote Crash Vulnerability

A previously developed patch addressed a denial of service in the Skinny channel driver that occurred when certain messages were sent after a previously registered station sent an Off Hook message. That patch left one issue unresolved in the Asterisk 10 releases: if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a NULL pointer.

As with the problem solved by the previous patch, a remote attacker with a valid SCCP ID can exploit this vulnerability by closing a connection to the Asterisk server while a station is in the “Off Hook” call state, crashing the server.

Now the presence of a device for a line is checked in the appropriate channel callbacks, preventing the crash.
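
The kind of check described above, as an added example (a simplified model, not code from Asterisk or from the patch). All struct and function names are hypothetical, and the model assumes that closing the connection detaches the device from its line while a call leg created at Off Hook still references that line.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT Asterisk source; every name here is hypothetical. */
enum call_state { ON_HOOK, OFF_HOOK };
struct device { int digits_seen; };             /* a registered station */
struct line { struct device *device; enum call_state state; };
struct subchannel { struct line *line; };       /* call leg created at Off Hook */

/* Assumption: connection teardown detaches the device from its line. */
void session_closed(struct line *l) { l->device = NULL; }

/* Unguarded callback: dereferences the device unconditionally, which is a
 * NULL dereference after session_closed(). For contrast only; never called. */
int keypad_button_unchecked(struct subchannel *sub, int digit)
{
    sub->line->device->digits_seen++;
    return digit;
}

/* Guarded callback: confirm the line still has a device before using it. */
int keypad_button_checked(struct subchannel *sub, int digit)
{
    struct line *l = sub ? sub->line : NULL;
    if (!l || !l->device)
        return -1;                              /* no device: drop the message */
    l->device->digits_seen++;
    return digit;
}

/* Replays the advisory's message order against the guarded callback. */
int replay_sequence(void)
{
    struct device d = { 0 };
    struct line l = { &d, ON_HOOK };
    struct subchannel sub = { &l };

    l.state = OFF_HOOK;                         /* station goes Off Hook */
    if (keypad_button_checked(&sub, 5) != 5) return 1;
    session_closed(&l);                         /* connection closes */
    return keypad_button_checked(&sub, 7) == -1 ? 0 : 2;
}

int main(void)
{
    printf("replay result: %d\n", replay_sequence());
    return 0;
}
```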

You can download the latest Asterisk packages in the download section, as usual.

Stay tuned for more security updates.