This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Asterisk First view 2009-09-08
Product Opensource Last view 2009-09-08
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:asterisk:opensource:1.4.26:*:*:*:*:*:*:* 1
cpe:2.3:a:asterisk:opensource:1.4.24:*:*:*:*:*:*:* 1
cpe:2.3:a:asterisk:opensource:1.4.24.1:*:*:*:*:*:*:* 1
cpe:2.3:a:asterisk:opensource:1.4.23.2:*:*:*:*:*:*:* 1
cpe:2.3:a:asterisk:opensource:1.4.26.1:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
7.8 2009-09-08 CVE-2009-2346

The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
57762 Asterisk IAX2 Call Number Resource Exhaustion Remote DoS

OpenVAS Exploits

id Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-20 (asterisk)
File : nvt/glsa_201006_20.nasl
2009-09-28 Name : Fedora Core 10 FEDORA-2009-9374 (asterisk)
File : nvt/fcore_2009_9374.nasl
2009-09-28 Name : Fedora Core 11 FEDORA-2009-9405 (asterisk)
File : nvt/fcore_2009_9405.nasl
2009-09-18 Name : Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux)
File : nvt/secpod_asterisk_iax2_call_number_dos_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk IAX2 call number denial of service
RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4

Nessus® Vulnerability Scanner

id Description
2010-06-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201006-20.nasl - Type: ACT_GATHER_INFO
2009-09-28 Name: The remote Fedora host is missing a security update.
File: fedora_2009-9374.nasl - Type: ACT_GATHER_INFO
2009-09-28 Name: The remote Fedora host is missing a security update.
File: fedora_2009-9405.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: The remote VoIP service is susceptible to a denial of service attack.
File: asterisk_iax2_call_number_dos.nasl - Type: ACT_GATHER_INFO