ASTERWEB Blog

13 Feb 2010

Security: AST-2010-001 – T.38 Remote Crash Vulnerability

Description:
An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.

Resolution:
Upgrade to one of the versions of Asterisk listed in the “Corrected In” section, or apply a patch specified in the “Patches” section.



All 1.6.x versions are affected. Versions 1.6.0.22, 1.6.1.14 and 1.6.2.2 are already fixed.

PATCH:
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff (v1.6.0)
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff (v1.6.1)
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff (v1.6.2)

This is the link to download the document as a PDF: AST-2010-001
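The description names three inputs that crash the parser: a negative value, an exceptionally large value, and a missing field. The following is an added example, not Asterisk's patch or code from the advisory, showing how an SDP consumer can handle all three without ever sizing a buffer from unvalidated input. The function name, the bounds and the default are assumptions, and `a=T38FaxMaxDatagram:` is used as the SDP attribute form of the field.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy values for this example; the advisory gives no numbers. */
#define T38_DATAGRAM_DEFAULT 400
#define T38_DATAGRAM_MIN 1
#define T38_DATAGRAM_MAX 1400

enum t38_result { T38_OK, T38_MISSING, T38_MALFORMED, T38_OUT_OF_RANGE };

/* Find a=T38FaxMaxDatagram:<n> in an SDP body. *out always receives a
 * size that is safe to use; the return value says why it was chosen. */
enum t38_result t38_max_datagram(const char *sdp, long *out)
{
    static const char key[] = "a=T38FaxMaxDatagram:";
    const size_t klen = sizeof(key) - 1;

    *out = T38_DATAGRAM_DEFAULT;            /* covers the omitted-field case */
    for (const char *line = sdp; line && *line; ) {
        if (strncmp(line, key, klen) == 0) {
            const char *val = line + klen;
            char *end;
            errno = 0;
            long n = strtol(val, &end, 10);
            if (end == val || errno == ERANGE ||
                (*end != '\0' && *end != '\r' && *end != '\n'))
                return T38_MALFORMED;       /* no digits, overflow, trailing junk */
            if (n < T38_DATAGRAM_MIN || n > T38_DATAGRAM_MAX)
                return T38_OUT_OF_RANGE;    /* negative or oversized */
            *out = n;
            return T38_OK;
        }
        line = strchr(line, '\n');          /* advance to the next SDP line */
        if (line)
            line++;
    }
    return T38_MISSING;
}

int main(void)
{
    /* Constructed SDP fragments: valid, negative, oversized, omitted. */
    const char *sdp[] = { "m=image 4000 udptl t38\r\na=T38FaxMaxDatagram:200\r\n",
        "m=image 4000 udptl t38\r\na=T38FaxMaxDatagram:-1\r\n",
        "m=image 4000 udptl t38\r\na=T38FaxMaxDatagram:99999999999999999999\r\n",
        "m=image 4000 udptl t38\r\na=T38FaxVersion:0\r\n" };
    for (size_t i = 0; i < sizeof(sdp) / sizeof(sdp[0]); i++) {
        long size;
        int r = (int)t38_max_datagram(sdp[i], &size);
        printf("case %zu: result=%d size=%ld\n", i, r, size);
    }
    return 0;
}
```

A caller can log any result other than `T38_OK` together with the peer address, which gives operators a signal for malformed T.38 offers on systems that have not yet been upgraded.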
