Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability

Summary
This host is running Asterisk and is prone to Denial of Service vulnerability.
Impact
Successful exploitation could result in denial of serivce condition. Impact Level: Application
Solution
Upgrade to version 1.6.0.22, 1.6.1.14, 1.6.2.2 or apply the patch, http://www.asterisk.org/downloads http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff ***** NOTE: Please ignore the warning if the patch is applied. *****
Insight
The flaw is caused by an error when handling 'T.38 negotiations' over SIP with a negative or overly large value in the 'FaxMaxDatagram' field, or without any 'FaxMaxDatagram' field, which could allows attackers to crash a server.
Affected
Asterisk version 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2
References