Rule Category

PROTOCOL-VOIP -- Snort has detected traffic that may indicate the presence of the VOIP protocol or vulnerabilities in the VOIP protocol on the network.

Alert Message

PROTOCOL-VOIP Digium Asterisk multiple malformed Accept headers denial of service attempt

Rule Explanation

When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

What To Look For

This event is generated when an attempt to exploit CVE-2018-7284 is detected.

Known Usage

Public information/Proof of Concept available

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Additional Links

Rule Vulnerability

Denial of Service

Denial of Service attacks aim to make a server or program unresponsive for users. These attacks may be volume-based, to overwhelm the system, or they may use certain logical flaws in the software to cut the service off from the users. The attack may come from one or multiple sources. These attacks do not usually lead to a remote code execution. Volume based attacks are best handled using a firewall application.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2018-7284
Loading description

MITRE ATT&CK Framework

Tactic: Impact

Technique: Network Denial of Service

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org