CVE-2009-2346

Related Files

Gentoo Linux Security Advisory 201006-20

Posted Jun 4, 2010

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-20 - Multiple vulnerabilities in Asterisk might allow remote attackers to cause a Denial of Service condition, or conduct other attacks. Versions less than 1.2.37 are affected.

tags | advisory, remote, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2008-7220, CVE-2009-2346, CVE-2009-2726, CVE-2009-3727, CVE-2009-4055

SHA-256 | c4933913b3f7de08c2c9cdd1eaa67457d52f479496c2830a647cc345b7604953

Download | Favorite | View

Asterisk Project Security Advisory - AST-2009-006

Posted Sep 4, 2009

Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled. A call number gets created at the start of an IAX2 message exchange. So, an attacker can send a large number of messages and consume the call number space. The attack is also possible using spoofed source IP addresses as no handshake is required before a call number is assigned.

tags | advisory, spoof, protocol

advisories | CVE-2009-2346

SHA-256 | b9b863efb0b85644076d3c974b98ce74f39e463464e8e6c41b443200a78dd088

Download | Favorite | View