Test ID:	1.3.6.1.4.1.25623.1.0.900834
Category:	Denial of Service
Title:	Asterisk SIP Channel Driver DoS Vulnerability (AST-2009-005)
Summary:	Asterisk is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Asterisk is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error in SIP channel driver which fails to use maximum width when invoking 'sscanf' style functions. This can be exploited via SIP packets containing large sequences of ASCII decimal characters as demonstrated via vectors related to the CSeq value in a SIP header, large Content-Length value and SDP. Vulnerability Impact: Successful exploitation will let the attacker cause denial of service in the victim's system. Affected Software/OS: Asterisk version 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4 on Linux. Solution: Update to version 1.2.34, 1.4.26.1, 1.6.0.12, 1.6.1.4 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2726 BugTraq ID: 36015 http://www.securityfocus.com/bid/36015 Bugtraq: 20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver (Google Search) http://www.securityfocus.com/archive/1/505669/100/0/threaded http://labs.mudynamics.com/advisories/MU-200908-01.txt http://www.securitytracker.com/id?1022705 http://secunia.com/advisories/36227 http://www.vupen.com/english/advisories/2009/2229
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.