Denial of Service Vulnerability in Asterisk IAX2 Protocol
CVE-2009-2346

Currently unrated

Key Information:

Vendor: Asterisk
Status: Opensource; Open Source; Asterisk; Appliance S800i
Vendor: CVE Published:; 8 September 2009

What is CVE-2009-2346?

The IAX2 protocol implementation in various versions of Asterisk is susceptible to a denial of service. Remote attackers can exploit this vulnerability by initiating numerous IAX2 message exchanges, leading to call-number exhaustion. This can disrupt service availability and render the system inoperable. Enhanced mitigation strategies should be implemented to safeguard against such attack vectors.

References

http://securitytracker.com/id?1022819

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/archive/1/506257/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/36593

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 8, 2009
Vulnerability Reserved
Jul 7, 2009