
Sid 1-24270

Message

PROTOCOL-VOIP Digium Asterisk RTP comfort noise denial of service attempt

Summary

rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

Impact

CVSS base score 5.0, CVSS impact score 2.9, CVSS exploitability score 10.0, confidentialityImpact NONE, integrityImpact NONE, availabilityImpact NONE

CVE-2009-4055:

CVSS base score 5.0

CVSS impact score 2.9

CVSS exploitability score 10.0

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2009-4055: rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.

Affected systems

  • digium asterisk 1.2.0
  • digium asterisk 1.2.1
  • digium asterisk 1.2.2
  • digium asterisk 1.2.3
  • digium asterisk 1.2.10
  • digium asterisk 1.2.11
  • digium asterisk 1.2.12
  • digium asterisk 1.2.12.1
  • digium asterisk 1.2.13
  • digium asterisk 1.2.14
  • digium asterisk 1.2.15
  • digium asterisk 1.2.16
  • digium asterisk 1.2.17
  • digium asterisk 1.2.18
  • digium asterisk 1.2.19
  • digium asterisk 1.2.20
  • digium asterisk 1.2.21
  • digium asterisk 1.2.21.1
  • digium asterisk 1.2.22
  • digium asterisk 1.2.23
  • digium asterisk 1.2.24
  • digium asterisk 1.2.25
  • digium asterisk 1.2.26
  • digium asterisk 1.2.26.1
  • digium asterisk 1.2.26.2
  • digium asterisk 1.2.27
  • digium asterisk 1.2.28
  • digium asterisk 1.2.28.1
  • digium asterisk 1.2.29
  • digium asterisk 1.2.30
  • digium asterisk 1.2.30.1
  • digium asterisk 1.2.30.2
  • digium asterisk 1.2.30.3
  • digium asterisk 1.2.30.4
  • digium asterisk 1.2.31
  • digium asterisk 1.2.31.1
  • digium asterisk 1.2.32
  • digium asterisk 1.2.33
  • digium asterisk 1.2.34
  • digium asterisk 1.2.35
  • digium asterisk 1.2.36
  • digium asterisk 1.4.0
  • digium asterisk 1.4.1
  • digium asterisk 1.4.2
  • digium asterisk 1.4.3
  • digium asterisk 1.4.4
  • digium asterisk 1.4.5
  • digium asterisk 1.4.6
  • digium asterisk 1.4.7
  • digium asterisk 1.4.7.1
  • digium asterisk 1.4.8
  • digium asterisk 1.4.9
  • digium asterisk 1.4.10
  • digium asterisk 1.4.10.1
  • digium asterisk 1.4.11
  • digium asterisk 1.4.12
  • digium asterisk 1.4.12.1
  • digium asterisk 1.4.13
  • digium asterisk 1.4.14
  • digium asterisk 1.4.15
  • digium asterisk 1.4.16
  • digium asterisk 1.4.16.1
  • digium asterisk 1.4.16.2
  • digium asterisk 1.4.17
  • digium asterisk 1.4.18
  • digium asterisk 1.4.19
  • digium asterisk 1.4.19.1
  • digium asterisk 1.4.19.2
  • digium asterisk 1.4.20
  • digium asterisk 1.4.20.1
  • digium asterisk 1.4.21
  • digium asterisk 1.4.21.1
  • digium asterisk 1.4.21.2
  • digium asterisk 1.4.22
  • digium asterisk 1.4.22.1
  • digium asterisk 1.4.22.2
  • digium asterisk 1.4.23
  • digium asterisk 1.4.23.1
  • digium asterisk 1.4.23.2
  • digium asterisk 1.4.24
  • digium asterisk 1.4.24.1
  • digium asterisk 1.4.25
  • digium asterisk 1.4.25.1
  • digium asterisk 1.4.26
  • digium asterisk 1.4.26.1
  • digium asterisk 1.4.26.2
  • digium asterisk 1.4.27
  • digium asterisk 1.6.0
  • digium asterisk 1.6.0.1
  • digium asterisk 1.6.0.2
  • digium asterisk 1.6.0.3
  • digium asterisk 1.6.0.4
  • digium asterisk 1.6.0.5
  • digium asterisk 1.6.0.6
  • digium asterisk 1.6.0.7
  • digium asterisk 1.6.0.8
  • digium asterisk 1.6.0.9
  • digium asterisk 1.6.0.10
  • digium asterisk 1.6.0.11
  • digium asterisk 1.6.0.14
  • digium asterisk 1.6.0.15
  • digium asterisk 1.6.0.16
  • digium asterisk 1.6.0.18
  • digium asterisk 1.6.1.0
  • digium asterisk 1.6.1.1
  • digium asterisk 1.6.1.2
  • digium asterisk 1.6.1.3
  • digium asterisk 1.6.1.4
  • digium asterisk 1.6.1.5
  • digium asterisk 1.6.1.6
  • digium asterisk 1.6.1.7
  • digium asterisk 1.6.1.8
  • digium asterisk 1.6.1.10
  • digium asterisk b
  • digium asterisk b.1.3.2
  • digium asterisk b.1.3.3
  • digium asterisk b.2.2.0
  • digium asterisk b.2.2.1
  • digium asterisk b.2.3.1
  • digium asterisk b.2.3.2
  • digium asterisk b.2.3.3
  • digium asterisk b.2.3.4
  • digium asterisk b.2.3.5
  • digium asterisk b.2.3.6
  • digium asterisk b.2.5.0
  • digium asterisk b.2.5.1
  • digium asterisk b.2.5.2
  • digium asterisk b.2.5.3
  • digium asterisk c
  • digium asterisk c.2.3
  • digium asterisk c.3.0
  • digium s800i 1.3.0
  • digium s800i 1.3.0.2
  • digium s800i 1.3.0.3
  • digium s800i 1.3.0.4

Ease of attack

CVE-2009-4055:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor-supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References