CVE-2010-0441

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-0441 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by bklang, elsto.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-0441

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Asterisk Open Source 1.6.x - All versions
* Asterisk Business Edition C.3 - All versions

Immune Systems:
* Asterisk Open Source - 1.6.0.22
* Asterisk Open Source - 1.6.1.14
* Asterisk Open Source - 1.6.2.2
* Asterisk Business Edition - C.3.3.2

An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.

Patch Availability:
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff |v1.6.0|
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff |v1.6.1|
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff |v1.6.2|

CVE Information:
CVE-2010-0441

Disclosure Timeline:
12/03/09 - Reported On
02/02/10 - Initial Release

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus