Digium Asterisk SIP sscanf Multiple Denial Of Service Vulnerabilities
Schweregrad:: Hoch
CVE Kennungen:: CVE-2009-2726
Hinweisdatum: 15 Februar 2011
Beschreibung
The SIP channel driver in Asterisk Open Source 1.2.x before
1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before
1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before
C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before
1.3.0.3 does not use a maximum width when invoking sscanf style functions, which
allows remote attackers to cause a denial of service (stack memory consumption)
via SIP packets containing large sequences of ASCII decimal characters, as
demonstrated via vectors related to (1) the CSeq value in a SIP header, (2)
large Content-Length value, and (3) SDP.
Trend Micro Lösungen
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1003705
Trend Micro Deep Security DPI Rule Name: 1003705 - Digium Asterisk SIP sscanf Multiple Denial Of Service Vulnerabilities
Betroffene Software und Version:
- asterisk appliance_s800i 1.3.0.2
- asterisk business_edition b.1.3.2
- asterisk business_edition c.2.3
- asterisk business_edition c.3.0
- asterisk open_source 1.2.0
- asterisk open_source 1.2.1
- asterisk open_source 1.2.10
- asterisk open_source 1.2.11
- asterisk open_source 1.2.12
- asterisk open_source 1.2.12.1
- asterisk open_source 1.2.13
- asterisk open_source 1.2.14
- asterisk open_source 1.2.15
- asterisk open_source 1.2.16
- asterisk open_source 1.2.17
- asterisk open_source 1.2.18
- asterisk open_source 1.2.19
- asterisk open_source 1.2.2
- asterisk open_source 1.2.20
- asterisk open_source 1.2.21
- asterisk open_source 1.2.21.1
- asterisk open_source 1.2.22
- asterisk open_source 1.2.23
- asterisk open_source 1.2.24
- asterisk open_source 1.2.25
- asterisk open_source 1.2.26
- asterisk open_source 1.2.26.1
- asterisk open_source 1.2.26.2
- asterisk open_source 1.2.27
- asterisk open_source 1.2.28
- asterisk open_source 1.2.29
- asterisk open_source 1.2.3
- asterisk open_source 1.2.30
- asterisk open_source 1.2.30.2
- asterisk open_source 1.2.30.3
- asterisk open_source 1.2.30.4
- asterisk open_source 1.2.4
- asterisk open_source 1.2.5
- asterisk open_source 1.2.6
- asterisk open_source 1.2.7
- asterisk open_source 1.2.7.1
- asterisk open_source 1.2.8
- asterisk open_source 1.2.9.1
- asterisk open_source 1.4.0
- asterisk open_source 1.4.1
- asterisk open_source 1.4.10.1
- asterisk open_source 1.4.11
- asterisk open_source 1.4.12
- asterisk open_source 1.4.12.1
- asterisk open_source 1.4.13
- asterisk open_source 1.4.14
- asterisk open_source 1.4.15
- asterisk open_source 1.4.16
- asterisk open_source 1.4.16.1
- asterisk open_source 1.4.16.2
- asterisk open_source 1.4.17
- asterisk open_source 1.4.18
- asterisk open_source 1.4.18.1
- asterisk open_source 1.4.19
- asterisk open_source 1.4.19.1
- asterisk open_source 1.4.19.2
- asterisk open_source 1.4.19_rc3
- asterisk open_source 1.4.2
- asterisk open_source 1.4.20
- asterisk open_source 1.4.21
- asterisk open_source 1.4.21.1
- asterisk open_source 1.4.21.2
- asterisk open_source 1.4.22
- asterisk open_source 1.4.22.1
- asterisk open_source 1.4.22.2
- asterisk open_source 1.4.23
- asterisk open_source 1.4.3
- asterisk open_source 1.4.4
- asterisk open_source 1.4.5
- asterisk open_source 1.4.6
- asterisk open_source 1.4.7
- asterisk open_source 1.4.7.1
- asterisk open_source 1.4.8
- asterisk open_source 1.4.9
- asterisk open_source 1.4beta
- asterisk open_source 1.6.0
- asterisk open_source 1.6.0.1
- asterisk open_source 1.6.0.2
- asterisk open_source 1.6.0.3
- asterisk open_source 1.6.1
- asterisk opensource 1.4.22
- asterisk opensource 1.4.23
- asterisk opensource 1.4.23.1