Digium Asterisk SIP sscanf Multiple Denial Of Service Vulnerabilities
危険度: 高
CVE識別番号: CVE-2009-2726
情報公開日: 2 15, 2011
概要
The SIP channel driver in Asterisk Open Source 1.2.x before
1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before
1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before
C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before
1.3.0.3 does not use a maximum width when invoking sscanf style functions, which
allows remote attackers to cause a denial of service (stack memory consumption)
via SIP packets containing large sequences of ASCII decimal characters, as
demonstrated via vectors related to (1) the CSeq value in a SIP header, (2)
large Content-Length value, and (3) SDP.
トレンドマイクロの対策
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
対応方法
Trend Micro Deep Security DPI Rule Number: 1003705
Trend Micro Deep Security DPI Rule Name: 1003705 - Digium Asterisk SIP sscanf Multiple Denial Of Service Vulnerabilities
影響を受けるソフトウェア
- asterisk appliance_s800i 1.3.0.2
- asterisk business_edition b.1.3.2
- asterisk business_edition c.2.3
- asterisk business_edition c.3.0
- asterisk open_source 1.2.0
- asterisk open_source 1.2.1
- asterisk open_source 1.2.10
- asterisk open_source 1.2.11
- asterisk open_source 1.2.12
- asterisk open_source 1.2.12.1
- asterisk open_source 1.2.13
- asterisk open_source 1.2.14
- asterisk open_source 1.2.15
- asterisk open_source 1.2.16
- asterisk open_source 1.2.17
- asterisk open_source 1.2.18
- asterisk open_source 1.2.19
- asterisk open_source 1.2.2
- asterisk open_source 1.2.20
- asterisk open_source 1.2.21
- asterisk open_source 1.2.21.1
- asterisk open_source 1.2.22
- asterisk open_source 1.2.23
- asterisk open_source 1.2.24
- asterisk open_source 1.2.25
- asterisk open_source 1.2.26
- asterisk open_source 1.2.26.1
- asterisk open_source 1.2.26.2
- asterisk open_source 1.2.27
- asterisk open_source 1.2.28
- asterisk open_source 1.2.29
- asterisk open_source 1.2.3
- asterisk open_source 1.2.30
- asterisk open_source 1.2.30.2
- asterisk open_source 1.2.30.3
- asterisk open_source 1.2.30.4
- asterisk open_source 1.2.4
- asterisk open_source 1.2.5
- asterisk open_source 1.2.6
- asterisk open_source 1.2.7
- asterisk open_source 1.2.7.1
- asterisk open_source 1.2.8
- asterisk open_source 1.2.9.1
- asterisk open_source 1.4.0
- asterisk open_source 1.4.1
- asterisk open_source 1.4.10.1
- asterisk open_source 1.4.11
- asterisk open_source 1.4.12
- asterisk open_source 1.4.12.1
- asterisk open_source 1.4.13
- asterisk open_source 1.4.14
- asterisk open_source 1.4.15
- asterisk open_source 1.4.16
- asterisk open_source 1.4.16.1
- asterisk open_source 1.4.16.2
- asterisk open_source 1.4.17
- asterisk open_source 1.4.18
- asterisk open_source 1.4.18.1
- asterisk open_source 1.4.19
- asterisk open_source 1.4.19.1
- asterisk open_source 1.4.19.2
- asterisk open_source 1.4.19_rc3
- asterisk open_source 1.4.2
- asterisk open_source 1.4.20
- asterisk open_source 1.4.21
- asterisk open_source 1.4.21.1
- asterisk open_source 1.4.21.2
- asterisk open_source 1.4.22
- asterisk open_source 1.4.22.1
- asterisk open_source 1.4.22.2
- asterisk open_source 1.4.23
- asterisk open_source 1.4.3
- asterisk open_source 1.4.4
- asterisk open_source 1.4.5
- asterisk open_source 1.4.6
- asterisk open_source 1.4.7
- asterisk open_source 1.4.7.1
- asterisk open_source 1.4.8
- asterisk open_source 1.4.9
- asterisk open_source 1.4beta
- asterisk open_source 1.6.0
- asterisk open_source 1.6.0.1
- asterisk open_source 1.6.0.2
- asterisk open_source 1.6.0.3
- asterisk open_source 1.6.1
- asterisk opensource 1.4.22
- asterisk opensource 1.4.23
- asterisk opensource 1.4.23.1