Summary
This host is running Asterisk and is prone to a denial of service vulnerability.
Impact
Successful exploitation could result in a denial of service condition.
Impact Level: Application
Solution
Upgrade to version 1.6.0.22, 1.6.1.14, or 1.6.2.2 (http://www.asterisk.org/downloads), or apply the patch:
- http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
- http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
- http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
*****
NOTE: Please ignore the warning if the patch is applied.
*****
Insight
The flaw is caused by an error in the handling of T.38 negotiations over SIP when the 'FaxMaxDatagram' field carries a negative or overly large value, or when the field is missing entirely. This could allow attackers to crash a server.
Affected
Asterisk version 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2
References
Severity
Classification
- CVE: CVE-2010-0441
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P