Denial of Service : Asterisk SIP Channel Driver DoS Vulnerability (AST-2009-005)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900834

Categoría: Denial of Service

Título: Asterisk SIP Channel Driver DoS Vulnerability (AST-2009-005)

Resumen: Asterisk is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Asterisk is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
The flaw is due to an error in SIP channel driver which fails to
use maximum width when invoking 'sscanf' style functions. This can be exploited via SIP packets
containing large sequences of ASCII decimal characters as demonstrated via vectors related to the
CSeq value in a SIP header, large Content-Length value and SDP.

Vulnerability Impact:
Successful exploitation will let the attacker cause denial of
service in the victim's system.

Affected Software/OS:
Asterisk version 1.2.x before 1.2.34, 1.4.x before 1.4.26.1,
1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4 on Linux.

Solution:
Update to version 1.2.34, 1.4.26.1, 1.6.0.12, 1.6.1.4 or later.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2726
BugTraq ID: 36015
http://www.securityfocus.com/bid/36015
Bugtraq: 20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver (Google Search)
http://www.securityfocus.com/archive/1/505669/100/0/threaded
http://labs.mudynamics.com/advisories/MU-200908-01.txt
http://www.securitytracker.com/id?1022705
http://secunia.com/advisories/36227
http://www.vupen.com/english/advisories/2009/2229

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900834
Categoría:	Denial of Service
Título:	Asterisk SIP Channel Driver DoS Vulnerability (AST-2009-005)
Resumen:	Asterisk is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Asterisk is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error in SIP channel driver which fails to use maximum width when invoking 'sscanf' style functions. This can be exploited via SIP packets containing large sequences of ASCII decimal characters as demonstrated via vectors related to the CSeq value in a SIP header, large Content-Length value and SDP. Vulnerability Impact: Successful exploitation will let the attacker cause denial of service in the victim's system. Affected Software/OS: Asterisk version 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4 on Linux. Solution: Update to version 1.2.34, 1.4.26.1, 1.6.0.12, 1.6.1.4 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2726 BugTraq ID: 36015 http://www.securityfocus.com/bid/36015 Bugtraq: 20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver (Google Search) http://www.securityfocus.com/archive/1/505669/100/0/threaded http://labs.mudynamics.com/advisories/MU-200908-01.txt http://www.securitytracker.com/id?1022705 http://secunia.com/advisories/36227 http://www.vupen.com/english/advisories/2009/2229
Copyright	Copyright (C) 2009 Greenbone AG