[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4055Date: (C)2009-12-02   (M)2024-02-22


rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1023249
http://www.securityfocus.com/archive/1/508147/100/0/threaded
BID-37153
SECUNIA-37530
SECUNIA-37677
SECUNIA-37708
OSVDB-60569
ADV-2009-3368
DSA-1952
FEDORA-2009-12461
asterisk-rtp-comfortnoise-dos(54471)
http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt
http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt
http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt
http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt
http://downloads.digium.com/pub/security/AST-2009-010.html
https://issues.asterisk.org/view.php?id=16242

CPE    216
cpe:/a:digium:asterisk:1.6.0:rc4
cpe:/a:digium:asterisk:1.2.31.1
cpe:/a:digium:asterisk:1.6.0:rc5
cpe:/a:digium:asterisk:1.6.0:rc6
...
OVAL    7
oval:org.secpod.oval:def:600392
oval:org.secpod.oval:def:102142
oval:org.secpod.oval:def:100071
oval:org.secpod.oval:def:100965
...

© SecPod Technologies