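Vulnerability Details
Asterisk T.38 FaxMaxDatagram Field Remote Denial-of-Service Vulnerability
Vulnerability Summary
Asterisk is an open-source software PBX that supports a variety of VoIP protocols and devices.
When T.38 is negotiated over SIP, an attacker can crash Asterisk by setting the SDP FaxMaxDatagram field to a negative value or a very large value, or by omitting the field entirely.
Vulnerability Advisory
The vendor has released patches that fix this security issue. Patch download links: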
Asterisk Asterisk 1.6
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6.1.8
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1.7
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6 3
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 .8
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 15
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 14
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 19
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 beta6
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 6
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6 .17
Asterisk AST-2010-001-1.6.0.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Asterisk Asterisk 1.6.1 6
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1 11
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1 0-rc2
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1 0-rc1
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1 5
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.1 9
Asterisk AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Asterisk Asterisk 1.6.2
Asterisk AST-2010-001-1.6.2.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
References
Source: downloads.asterisk.org
Link: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
Source: downloads.asterisk.org
Link: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
Source: issues.asterisk.org
Link: https://issues.asterisk.org/view.php?id=16724
Source: issues.asterisk.org
Link: https://issues.asterisk.org/view.php?id=16634
Source: issues.asterisk.org
Link: https://issues.asterisk.org/view.php?id=16517
Source: VUPEN
Name: ADV-2010-0289
Link: http://www.vupen.com/english/advisories/2010/0289
Source: BID
Name: 38047
Link: http://www.securityfocus.com/bid/38047
Source: BUGTRAQ
Name: 20100202 AST-2010-001: T.38 Remote Crash Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/509327/100/0/threaded
Source: SECTRACK
Name: 1023532
Link: http://securitytracker.com/id?1023532
Source: SECUNIA
Name: 38395
Link: http://secunia.com/advisories/38395
Source: downloads.asterisk.org
Link: http://downloads.asterisk.org/pub/security/AST-2010-001.html
Source: downloads.asterisk.org
Link: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
Source: NSFOCUS
Name: 14454
Link: http://www.nsfocus.net/vulndb/14454
Affected Entities
- Asterisk Asterisk:1.6.0.15
- Asterisk Asterisk:C.3.3.3:Business
- Asterisk Asterisk:C.3.2.2:Business
- Asterisk Asterisk:C.3.1.0:Business
- Asterisk Asterisk:C.3.1.1:Business
Patches
- AST-2010-001-1.6.0
- AST-2010-001-1.6.2
- AST-2010-001-1.6.1