Rule

--
Sid
21608

--
Summary:
This event is generated when an attempt is made to exploit a known vulnerability in asterisk.

--
Impact:
Denial of Service.   

--
Detailed Information:
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.

--
Affected Systems:
asterisk asterisk B.1.3.2
asterisk asterisk B.1.3.2
asterisk asterisk B.1.3.3
asterisk asterisk B.1.3.3
asterisk asterisk B.2.2.0
asterisk asterisk B.2.2.0
asterisk asterisk B.2.2.1
asterisk asterisk B.2.2.1
asterisk asterisk B.2.3.1
asterisk asterisk B.2.3.1
asterisk asterisk B.2.3.2
asterisk asterisk B.2.3.2
asterisk asterisk B.2.3.3
asterisk asterisk B.2.3.3
asterisk asterisk B.2.3.4
asterisk asterisk B.2.3.4
asterisk asterisk B.2.3.5
asterisk asterisk B.2.3.5
asterisk asterisk B.2.3.6
asterisk asterisk B.2.3.6
asterisk asterisk B.2.5.1
asterisk asterisk B.2.5.1
asterisk asterisk B.2.5.3
asterisk asterisk B.2.5.3
asterisk asterisk B.2.5.4
asterisk asterisk B.2.5.4
asterisk asterisk B.2.5.5
asterisk asterisk B.2.5.5
asterisk asterisk B.2.5.6
asterisk asterisk B.2.5.6
asterisk asterisk B.2.5.8
asterisk asterisk B.2.5.8
asterisk asterisk B.2.5.9
asterisk asterisk B.2.5.9
asterisk asterisk C.1.0 beta7
asterisk asterisk C.1.0 beta7
asterisk asterisk C.1.0 beta8
asterisk asterisk C.1.0 beta8
asterisk asterisk C.1.10.3
asterisk asterisk C.1.10.3
asterisk asterisk C.1.10.4
asterisk asterisk C.1.10.4
asterisk asterisk C.1.10.5
asterisk asterisk C.1.10.5
asterisk asterisk C.1.6
asterisk asterisk C.1.6
asterisk asterisk C.1.6.1
asterisk asterisk C.1.6.1
asterisk asterisk C.1.6.2
asterisk asterisk C.1.6.2
asterisk asterisk C.1.8.1
asterisk asterisk C.1.8.1
asterisk asterisk C.2.1.2.1
asterisk asterisk C.2.1.2.1
asterisk asterisk C.2.3
asterisk asterisk C.2.3
asterisk asterisk C.2.3.3
asterisk asterisk C.2.3.3
asterisk asterisk C.2.4.2
asterisk asterisk C.2.4.2
asterisk asterisk C.3.1.0
asterisk asterisk C.3.1.0

--
Attack Scenarios:


--
Ease of Attack:
Medium.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Vulnerability Research Team
This document was generated from data supplied by the National Vulnerability Database. A product of the National Institute of Standards and Technology.
For more information see http://nvd.nist.gov/

--
Additional References:

NIST CVE-2009-2346:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2346
  
--
