This host is running Asterisk and is prone to Denial of Service vulnerability.

Successful exploitation could result in denial of serivce condition. Impact Level: Application

Upgrade to version 1.6.0.22, 1.6.1.14, 1.6.2.2 or apply the patch, http://www.asterisk.org/downloads http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff ***** NOTE: Please ignore the warning if the patch is applied. *****

The flaw is caused by an error when handling 'T.38 negotiations' over SIP with a negative or overly large value in the 'FaxMaxDatagram' field, or without any 'FaxMaxDatagram' field, which could allows attackers to crash a server.

Asterisk version 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2

• http://downloads.asterisk.org/pub/security/AST-2010-001.html
• http://secunia.com/advisories/38395
• http://securitytracker.com/alerts/2010/Feb/1023532.html
• http://www.vupen.com/english/advisories/2010/0289

---

Updated on 2015-03-25