CVE-2009-2726

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-2726
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://downloads.digium.com/pub/security/AST-2009-005.html Product
http://labs.mudynamics.com/advisories/MU-200908-01.txt Broken Link
http://secunia.com/advisories/36227 Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/505669/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36015 Broken Link Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022705 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/2229 Broken Link Vendor Advisory
http://downloads.digium.com/pub/security/AST-2009-005.html Product
http://labs.mudynamics.com/advisories/MU-200908-01.txt Broken Link
http://secunia.com/advisories/36227 Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/505669/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36015 Broken Link Exploit Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022705 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/2229 Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:05

Type Values Removed Values Added
References () http://downloads.digium.com/pub/security/AST-2009-005.html - Product () http://downloads.digium.com/pub/security/AST-2009-005.html - Product
References () http://labs.mudynamics.com/advisories/MU-200908-01.txt - Broken Link () http://labs.mudynamics.com/advisories/MU-200908-01.txt - Broken Link
References () http://secunia.com/advisories/36227 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36227 - Broken Link, Vendor Advisory
References () http://www.securityfocus.com/archive/1/505669/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/505669/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/36015 - Broken Link, Exploit, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/36015 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1022705 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1022705 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2009/2229 - Broken Link, Vendor Advisory () http://www.vupen.com/english/advisories/2009/2229 - Broken Link, Vendor Advisory

15 Feb 2024, 21:05

Type Values Removed Values Added
CPE cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0.3:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19_rc3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.5:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.8:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:opensource:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*
cpe:2.3:h:asterisk:appliance_s800i:1.3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:business_edition:b.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:business_edition:c.2.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.6:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.4:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.23:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.9.1:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:opensource:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:business_edition:c.3.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.30.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.7:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.7.1:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.19:rc-2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:opensource:1.4.23.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*		 cpe:2.3:o:digium:s800i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:digium:s800i:-:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:*:*:business:*:*:*:*:*
CWE CWE-399 CWE-770
First Time Digium s800i
Digium asterisk
Digium
Digium s800i Firmware
References (BID) http://www.securityfocus.com/bid/36015 - Exploit (BID) http://www.securityfocus.com/bid/36015 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/36227 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36227 - Broken Link, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2009/2229 - Vendor Advisory (VUPEN) http://www.vupen.com/english/advisories/2009/2229 - Broken Link, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/505669/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/505669/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id?1022705 - (SECTRACK) http://www.securitytracker.com/id?1022705 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://labs.mudynamics.com/advisories/MU-200908-01.txt - (MISC) http://labs.mudynamics.com/advisories/MU-200908-01.txt - Broken Link
References (CONFIRM) http://downloads.digium.com/pub/security/AST-2009-005.html - (CONFIRM) http://downloads.digium.com/pub/security/AST-2009-005.html - Product
Information

Published : 2009-08-12 10:30

Updated : 2024-11-21 01:05

NVD link : CVE-2009-2726

Mitre link : CVE-2009-2726

CVE.ORG link : CVE-2009-2726

JSON object : View

Products Affected

digium

  • s800i_firmware
  • asterisk
  • s800i
CWE
CWE-770

Allocation of Resources Without Limits or Throttling


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024