5

CVE-2010-0441

Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version1.6.0
AsteriskAsterisk Version1.6.0.1
AsteriskAsterisk Version1.6.0.2
AsteriskAsterisk Version1.6.0.3
AsteriskAsterisk Version1.6.0.5
AsteriskAsterisk Version1.6.0.6
AsteriskAsterisk Version1.6.0.7
AsteriskAsterisk Version1.6.0.8
AsteriskAsterisk Version1.6.0.9
AsteriskAsterisk Version1.6.0.10
AsteriskAsterisk Version1.6.0.12
AsteriskAsterisk Version1.6.0.13
AsteriskAsterisk Version1.6.0.14
AsteriskAsterisk Version1.6.0.15
AsteriskAsterisk Version1.6.0.16-rc1
AsteriskAsterisk Version1.6.0.16-rc2
AsteriskAsterisk Version1.6.0.17
AsteriskAsterisk Version1.6.0.18
AsteriskAsterisk Version1.6.0.18-rc1
AsteriskAsterisk Version1.6.0.18-rc2
AsteriskAsterisk Version1.6.0.18-rc3
AsteriskAsterisk Version1.6.0.19
AsteriskAsterisk Version1.6.0.20
AsteriskAsterisk Version1.6.0.20-rc1
AsteriskAsterisk Version1.6.0.21
AsteriskAsterisk Version1.6.0.21-rc1
AsteriskAsterisk Version1.6.1.0
AsteriskAsterisk Version1.6.1.1
AsteriskAsterisk Version1.6.1.2
AsteriskAsterisk Version1.6.1.4
AsteriskAsterisk Version1.6.1.5
AsteriskAsterisk Version1.6.1.6
AsteriskAsterisk Version1.6.1.7-rc1
AsteriskAsterisk Version1.6.1.7-rc2
AsteriskAsterisk Version1.6.1.8
AsteriskAsterisk Version1.6.1.9
AsteriskAsterisk Version1.6.1.10
AsteriskAsterisk Version1.6.1.10-rc1
AsteriskAsterisk Version1.6.1.10-rc2
AsteriskAsterisk Version1.6.1.10-rc3
AsteriskAsterisk Version1.6.1.11
AsteriskAsterisk Version1.6.1.12
AsteriskAsterisk Version1.6.1.12-rc1
AsteriskAsterisk Version1.6.1.13
AsteriskAsterisk Version1.6.1.13-rc1
AsteriskAsterisk Version1.6.2.1
AsteriskAsterisk Version1.6.2.1-rc1
AsteriskAsterisk Version1.6.10-rc1
AsteriskAsterisk Version1.6.10-rc2
AsteriskAsterisk Versionc.3.1.0 Editionbusiness
AsteriskAsterisk Versionc.3.1.1 Editionbusiness
AsteriskAsterisk Versionc.3.2.2 Editionbusiness
AsteriskAsterisk Versionc.3.3.3 Editionbusiness
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.38% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2010-001.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
http://secunia.com/advisories/38395
Vendor Advisory
http://secunia.com/advisories/39096
http://securitytracker.com/id?1023532
http://www.securityfocus.com/archive/1/509327/100/0/threaded
http://www.securityfocus.com/bid/38047
http://www.vupen.com/english/advisories/2010/0289
Vendor Advisory
https://issues.asterisk.org/view.php?id=16517
https://issues.asterisk.org/view.php?id=16634
https://issues.asterisk.org/view.php?id=16724