Summary
This host has Asterisk installed and is prone to a Denial of Service vulnerability.
Impact
Successful exploitation will let the attacker cause a Denial of Service on the victim's system.
Impact Level: Application
Solution
Upgrade to version 1.2.34, 1.4.26.1, 1.6.0.12 or 1.6.1.4 (http://www.asterisk.org/downloads) or apply the patch for your branch:
http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt
http://downloads.digium.com/pub/security/AST-2009-005-1.4.diff.txt
http://downloads.digium.com/pub/security/AST-2009-005-trunk.diff.txt
http://downloads.digium.com/pub/security/AST-2009-005-1.6.0.diff.txt
http://downloads.digium.com/pub/security/AST-2009-005-1.6.1.diff.txt
http://downloads.digium.com/pub/security/AST-2009-005-1.6.2.diff.txt
*****
NOTE: Please ignore the warning if the patch is applied.
*****
Insight
The flaw is due to an error in the SIP channel driver, which fails to specify a maximum field width when invoking 'sscanf'-style functions. It can be exploited via SIP packets containing large sequences of ASCII decimal characters, as demonstrated by vectors involving the CSeq value in a SIP header, a large Content-Length value, and SDP.
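The defensive pattern the fix applies, shown as an added example that is not code from Asterisk or from this advisory: a CSeq value parser in which every sscanf conversion carries a maximum field width, so a header value built from a huge run of digits is bounded and rejected rather than scanned to its end. The width limits (10 digits, 15 method characters), the status codes and the helper names are assumptions chosen for this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Outcome of parsing the value of a SIP CSeq header. */
enum cseq_status { CSEQ_OK = 0, CSEQ_MALFORMED, CSEQ_NUMBER_TOO_LONG, CSEQ_METHOD_TOO_LONG };
/* Parse "314159 INVITE" (the value of "CSeq: 314159 INVITE") into *seq and method
 * (a buffer of at least 16 bytes). Both sscanf conversions carry an explicit
 * maximum field width, "%10llu" and "%15s" (widths assumed for this example), so a
 * huge run of ASCII digits is rejected after its first 10 digits, not parsed to the end. */
enum cseq_status parse_cseq(const char *value, uint32_t *seq, char *method)
{
    unsigned long long num = 0; int n1 = 0, n2 = 0;
    char mtok[16];
    while (isspace((unsigned char)*value)) value++;
    if (!isdigit((unsigned char)*value)) return CSEQ_MALFORMED; /* %llu alone would accept a sign */
    /* Unbounded form this replaces: sscanf(value, "%u %s", &n, method). */
    if (sscanf(value, "%10llu%n", &num, &n1) != 1) return CSEQ_MALFORMED;
    if (isdigit((unsigned char)value[n1])) return CSEQ_NUMBER_TOO_LONG; /* digits past the limit */
    if (num > UINT32_MAX) return CSEQ_MALFORMED;
    if (sscanf(value + n1, " %15s%n", mtok, &n2) != 1) return CSEQ_MALFORMED;
    const char *rest = value + n1 + n2;
    if (*rest != '\0' && !isspace((unsigned char)*rest)) return CSEQ_METHOD_TOO_LONG;
    while (isspace((unsigned char)*rest)) rest++;
    if (*rest != '\0') return CSEQ_MALFORMED; /* trailing garbage after the method */
    *seq = (uint32_t)num;
    memcpy(method, mtok, strlen(mtok) + 1);
    return CSEQ_OK;
}
/* Check helper: parse value and compare with the expected outcome; returns 1 on match. */
int cseq_check(const char *value, enum cseq_status want, uint32_t want_seq, const char *want_method)
{
    uint32_t seq = 0; char method[16] = "";
    if (parse_cseq(value, &seq, method) != want) return 0;
    return want != CSEQ_OK || (seq == want_seq && strcmp(method, want_method) == 0);
}
/* Constructed hostile value: ndigits ASCII '9's followed by " INVITE". */
int cseq_check_digit_run(size_t ndigits)
{
    char *buf = malloc(ndigits + 8);
    if (buf == NULL) return 0;
    memset(buf, '9', ndigits);
    memcpy(buf + ndigits, " INVITE", 8);
    int rc = cseq_check(buf, CSEQ_NUMBER_TOO_LONG, 0, NULL);
    free(buf);
    return rc;
}
```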
Affected
Asterisk version 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4 on Linux.
Severity
CVSS Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Classification
CVE: CVE-2009-2726