Asterisk IAX2 Call Number Consumption Flaw Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1022819
|
|
SecurityTracker URL: http://securitytracker.com/id?1022819
|
|
CVE Reference: CVE-2009-2346
(Links to External Site)
|
Date: Sep 4 2009
|
Impact: Denial of service via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 1.2 prior to 1.2.35, 1.4 prior to 1.4.26.2, 1.6.0 prior to 1.6.0.15, 1.6.1 prior to 1.6.1.6
|
Description: A vulnerability was reported in Asterisk. A remote user can cause denial of service conditions.
A remote user can consume all available IAX2 call numbers to prevent additional calls from being accepted.
The vendor was notified on June 22, 2008.
Noam Rathaus and Blake Cornell separately reported this vulnerability.
|
Impact: A remote user can prevent the target system from accepting calls.
|
Solution: The vendor issued a fix (1.2.35, 1.4.26.2, 1.6.0.15, 1.6.1.6).
The vendor's advisory is available at:
http://downloads.asterisk.org/pub/security/AST-2009-006.html
|
Vendor URL: downloads.asterisk.org/pub/security/AST-2009-006.html (Links to External Site)
|
Cause: Resource error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 3 Sep 2009 21:05:37 -0400
Subject: Asterisk
|
http://downloads.asterisk.org/pub/security/AST-2009-006.html
CVE-2009-2346
|
|
