Denial of Service Vulnerability in Asterisk Open Source and Business Edition
CVE-2010-0441

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk
Vendor: CVE Published:; 4 February 2010

What is CVE-2010-0441?

A vulnerability exists in specific versions of Asterisk Open Source and Business Edition that could be exploited by remote attackers. Through a manipulated SIP T.38 negotiation, an attacker can trigger a faulty response in the SDP FaxMaxDatagram field, which may be left missing, set to a negative value, or assigned an excessive number. This exploitation can lead to a crash of the Asterisk daemon, resulting in a denial of service.

References

http://downloads.asterisk.org/pub/security/AST-2010-001-1...

x_refsource_CONFIRM

https://issues.asterisk.org/view.php?id=16517

x_refsource_CONFIRM

https://issues.asterisk.org/view.php?id=16634

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 4, 2010
Vulnerability Reserved
Jan 27, 2010