Summary
This host has Asterisk installed and is prone to a denial of service vulnerability.
Impact
Successful exploitation will let an attacker cause a denial of service.
Impact Level: Application
Solution
Upgrade to version 1.2.35, 1.4.26.2, 1.6.0.15 or 1.6.1.6, or apply the patch.
http://www.asterisk.org/downloads
http://downloads.asterisk.org/pub/security/AST-2009-006-1.2.diff.txt
http://downloads.asterisk.org/pub/security/AST-2009-006-1.4.diff.txt
http://downloads.asterisk.org/pub/security/AST-2009-006-1.6.0.diff.txt
http://downloads.asterisk.org/pub/security/AST-2009-006-1.6.1.diff.txt
*****
NOTE: Please ignore the warning if the patch is applied.
*****
Insight
The flaw is due to an error in the 'IAX2' protocol implementation while processing call numbers, which can be exploited by initiating many IAX2 message exchanges.
Affected
Asterisk version 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6 on Linux.
References
Severity
Classification
- CVE: CVE-2009-2346
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C