This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Asterisk | First view | 2009-08-12 |
| Product | Opensource | Last view | 2009-08-12 |
| Version | 1.4.23 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:asterisk:opensource | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2009-08-12 | CVE-2009-2726 | The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-399 | Resource Management Errors |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-99 | XML Parser Attack |
| CAPEC-119 | Resource Depletion |
| CAPEC-121 | Locate and Exploit Test APIs |
| CAPEC-125 | Resource Depletion through Flooding |
| CAPEC-130 | Resource Depletion through Allocation |
| CAPEC-147 | XML Ping of Death |
| CAPEC-197 | XEE (XML Entity Expansion) |
| CAPEC-227 | Denial of Service through Resource Depletion |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
| CAPEC-229 | XML Attribute Blowup |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 56991 | Asterisk Multiple Function Maximum Width Handling Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
| 2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9374 (asterisk) File : nvt/fcore_2009_9374.nasl |
| 2009-09-02 | Name : Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux) File : nvt/secpod_asterisk_sip_channel_driver_dos_vuln.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | CSeq buffer overflow attempt RuleID : 16351 - Type : PROTOCOL-VOIP - Revision : 11 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16212 - Type : DOS - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16211 - Type : DOS - Revision : 2 |
| 2014-01-10 | Digium Asterisk SIP sscanf denial of service attempt RuleID : 16210 - Type : DOS - Revision : 2 |
| 2014-01-10 | CSeq buffer overflow attempt RuleID : 11971 - Type : PROTOCOL-VOIP - Revision : 8 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-06-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201006-20.nasl - Type: ACT_GATHER_INFO |
| 2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9374.nasl - Type: ACT_GATHER_INFO |
