Summary
This host has Asterisk installed and is prone to a denial of service vulnerability.
Impact
Successful exploitation will let the attacker cause a denial of service on the victim's system.
Impact Level: Application
Solution
Upgrade to version 1.2.34, 1.4.26.1, 1.6.0.12 or 1.6.1.4 (http://www.asterisk.org/downloads), or apply the patch for your branch:
- http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt
- http://downloads.digium.com/pub/security/AST-2009-005-1.4.diff.txt
- http://downloads.digium.com/pub/security/AST-2009-005-trunk.diff.txt
- http://downloads.digium.com/pub/security/AST-2009-005-1.6.0.diff.txt
- http://downloads.digium.com/pub/security/AST-2009-005-1.6.1.diff.txt
- http://downloads.digium.com/pub/security/AST-2009-005-1.6.2.diff.txt
*****
NOTE: Please ignore the warning if the patch is applied.
*****
Insight
The flaw is due to an error in the SIP channel driver, which fails to specify a maximum field width when invoking 'sscanf'-style functions. This can be exploited via SIP packets containing long sequences of ASCII decimal characters, as demonstrated via vectors related to the CSeq value in a SIP header, a large Content-Length value, and SDP.
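The following C program is an added illustration of the fix class the advisory describes; it is not Asterisk's code (this page does not show the patched driver). It parses the two headers the advisory names, CSeq and Content-Length, giving every sscanf conversion a maximum field width, and uses a trailing conversion to detect when a field was truncated instead of silently accepting it. The header layouts, the buffer size METHOD_MAX and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not Asterisk code. Every sscanf conversion below carries
 * a maximum field width, so an attacker-controlled run of digits or characters
 * can neither overrun a fixed buffer nor exceed the parsed type's range.
 * METHOD_MAX and the header layouts are assumptions for this example. */

#define METHOD_MAX 16   /* hypothetical size of the SIP method buffer */

/* Unsafe pattern (deliberately NOT called here):
 *     sscanf(line, "CSeq: %u %s", &seq, method);
 * %u has no digit limit and %s has no length limit, so a long token overruns
 * method[] and an over-long digit string is converted with undefined results.
 * That is the "large sequences of ASCII decimal characters" vector. */

/* Parse "CSeq: <seq> <METHOD>". Returns 1 and fills seq/method on success;
 * returns 0 for malformed, over-long or trailing-garbage input. */
int parse_cseq(const char *line, unsigned *seq, char method[METHOD_MAX])
{
    char extra;
    /* %9u reads at most 9 digits (always fits a 32-bit unsigned).
     * %15s reads at most 15 chars plus NUL, which fits method[16] exactly.
     * The trailing " %c" only matches if something is left over, which is how
     * a truncated field is detected: a third conversion means reject. */
    int n = sscanf(line, "CSeq: %9u %15s %c", seq, method, &extra);
    return n == 2;
}

/* Convenience wrapper: the CSeq number, or -1 if the line is rejected. */
long cseq_number(const char *line)
{
    unsigned seq;
    char method[METHOD_MAX];
    return parse_cseq(line, &seq, method) ? (long)seq : -1;
}

/* Parse "Content-Length: <n>". Returns the value, or -1 if the digit run is
 * longer than 9 digits, non-numeric, missing, or followed by other text. */
long parse_content_length(const char *line)
{
    unsigned len;
    char extra;
    int n = sscanf(line, "Content-Length: %9u %c", &len, &extra);
    return n == 1 ? (long)len : -1;
}

int main(void)
{
    /* Constructed sample header lines, not captured traffic. */
    const char *samples[] = {
        "CSeq: 102 INVITE\r\n",
        "CSeq: 102 INVITEINVITEINVITEINVITE",          /* method too long */
        "CSeq: 99999999999999999999 INVITE",            /* digit run too long */
        "Content-Length: 348\r\n",
        "Content-Length: 1234567890",                   /* 10 digits: rejected */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long v = strncmp(samples[i], "CSeq:", 5) == 0
                   ? cseq_number(samples[i])
                   : parse_content_length(samples[i]);
        printf("%-45.45s -> %ld\n", samples[i], v);   /* -1 means rejected */
    }
    return 0;
}
```

The design choice worth noting is the trailing " %c": widths alone stop the overflow, but without the extra conversion a 20-digit CSeq would be silently parsed as its first 9 digits, and the remainder would then be read as the method, so the parser would accept a malformed message rather than drop it.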
Affected
Asterisk version 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4 on Linux.
Classification: -
References: CVE-2009-2726
Severity: CVSS Base Score 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Related Vulnerabilities
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
- Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)
- Adobe Flash Player for Linux SWF Processing Vulnerability
- ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability
- Adobe Reader '.ETD File' Denial of Service Vulnerability (Windows)