Asterisk RTP舒适噪音处理远程拒绝服务漏洞

漏洞起因
边界条件错误

影响系统
Asterisk s800i Appliance 1.3 5
Asterisk s800i Appliance 1.3 3
Asterisk s800i Appliance 1.3 .2
Asterisk s800i Appliance 1.3
Asterisk Asterisk Business Edition C.3.2 2
Asterisk Asterisk Business Edition C.3.1.0
Asterisk Asterisk Business Edition C.3.1 1
Asterisk Asterisk Business Edition C.2.4.3
Asterisk Asterisk Business Edition C.2.4.2
Asterisk Asterisk Business Edition C.2.4 5
Asterisk Asterisk Business Edition C.2.3.3
Asterisk Asterisk Business Edition C.2.3 .2
Asterisk Asterisk Business Edition C.2.3
Asterisk Asterisk Business Edition C.2.1.2.1
Asterisk Asterisk Business Edition C.1.8.1
Asterisk Asterisk Business Edition C.1.6.2
Asterisk Asterisk Business Edition C.1.6.1
Asterisk Asterisk Business Edition C.1.6
Asterisk Asterisk Business Edition C.1.10.5
Asterisk Asterisk Business Edition C.1.10.4
Asterisk Asterisk Business Edition C.1.10.3
Asterisk Asterisk Business Edition C.1.0-beta8
Asterisk Asterisk Business Edition C.1.0-beta7
Asterisk Asterisk Business Edition C
Asterisk Asterisk Business Edition B.2.5.9
Asterisk Asterisk Business Edition B.2.5.8
Asterisk Asterisk Business Edition B.2.5.7
Asterisk Asterisk Business Edition B.2.5.6
Asterisk Asterisk Business Edition B.2.5.5
Asterisk Asterisk Business Edition B.2.5.4
Asterisk Asterisk Business Edition B.2.5.3
Asterisk Asterisk Business Edition B.2.5.2
Asterisk Asterisk Business Edition B.2.5.10
Asterisk Asterisk Business Edition B.2.5.1
Asterisk Asterisk Business Edition B.2.5 12
Asterisk Asterisk Business Edition B.2.3.6
Asterisk Asterisk Business Edition B.2.3.5
Asterisk Asterisk Business Edition B.2.3.4
Asterisk Asterisk Business Edition B.2.3.3
Asterisk Asterisk Business Edition B.2.3.2
Asterisk Asterisk Business Edition B.2.3.1
Asterisk Asterisk Business Edition B.2.2.1
Asterisk Asterisk Business Edition B.2.2.1
Asterisk Asterisk Business Edition B.2.2.0
Asterisk Asterisk Business Edition B.2.2.0
Asterisk Asterisk Business Edition B.1.3.3
Asterisk Asterisk Business Edition B.1.3.2
Asterisk Asterisk Business Edition B
Asterisk Asterisk 1.6.1 9
Asterisk Asterisk 1.6.1 6
Asterisk Asterisk 1.6.1 5
Asterisk Asterisk 1.6.1 0-rc2
Asterisk Asterisk 1.6.1 0-rc1
Asterisk Asterisk 1.6.1
Asterisk Asterisk 1.6 beta6
Asterisk Asterisk 1.6 6
Asterisk Asterisk 1.6 3
Asterisk Asterisk 1.6 19
Asterisk Asterisk 1.6 15
Asterisk Asterisk 1.6 14
Asterisk Asterisk 1.6 .8
Asterisk Asterisk 1.6 .17
Asterisk Asterisk 1.4.26 2
Asterisk Asterisk 1.4.26 1
Asterisk Asterisk 1.4.26 .3
Asterisk Asterisk 1.4.26
Asterisk Asterisk 1.4.24 .1
Asterisk Asterisk 1.4.24
Asterisk Asterisk 1.4.23 .2
Asterisk Asterisk 1.4.23 .1
Asterisk Asterisk 1.4.23
Asterisk Asterisk 1.4.22 1
Asterisk Asterisk 1.4.22
Asterisk Asterisk 1.4.21 2
Asterisk Asterisk 1.4.21 2
Asterisk Asterisk 1.4.19 rc3
Asterisk Asterisk 1.4.19 .1
Asterisk Asterisk 1.4.19
Asterisk Asterisk 1.4.18 1
Asterisk Asterisk 1.4.18
Asterisk Asterisk 1.4.17
Asterisk Asterisk 1.4.16
Asterisk Asterisk 1.4.15
Asterisk Asterisk 1.4.14
Asterisk Asterisk 1.4.13
Asterisk Asterisk 1.4.12
Asterisk Asterisk 1.4.11
Asterisk Asterisk 1.4.10
Asterisk Asterisk 1.4.9
Asterisk Asterisk 1.4.8
Asterisk Asterisk 1.4.7
Asterisk Asterisk 1.4.6
Asterisk Asterisk 1.4.5
Asterisk Asterisk 1.4.4
Asterisk Asterisk 1.4.3
Asterisk Asterisk 1.4.2
Asterisk Asterisk 1.4.1
Asterisk Asterisk 1.2.35
Asterisk Asterisk 1.2.34
Asterisk Asterisk 1.2.33
Asterisk Asterisk 1.2.32
Asterisk Asterisk 1.2.31
Asterisk Asterisk 1.2.30 4
Asterisk Asterisk 1.2.30 3
Asterisk Asterisk 1.2.30
Asterisk Asterisk 1.2.29
Asterisk Asterisk 1.2.28
Asterisk Asterisk 1.2.27
Asterisk Asterisk 1.2.27
Asterisk Asterisk 1.2.26
Asterisk Asterisk 1.2.25
Asterisk Asterisk 1.2.24
Asterisk Asterisk 1.2.23
Asterisk Asterisk 1.2.22
Asterisk Asterisk 1.2.21
Asterisk Asterisk 1.2.19
Asterisk Asterisk 1.2.18
Asterisk Asterisk 1.2.17
Asterisk Asterisk 1.2.16
Asterisk Asterisk 1.2.15
Asterisk Asterisk 1.2.14
Asterisk Asterisk 1.2.13
Asterisk Asterisk 1.2.11
Asterisk Asterisk 1.2.11
Asterisk Asterisk 1.2.10
Asterisk Asterisk 1.2.9
Asterisk Asterisk 1.2.8
Asterisk Asterisk 1.2.7
Asterisk Asterisk 1.2.6
Asterisk Asterisk 1.2.5
Asterisk Asterisk 1.2 .0-beta2
Asterisk Asterisk 1.2 .0-beta1
Asterisk Asterisk 1.6.1.8
Asterisk Asterisk 1.6.1.7
Asterisk Asterisk 1.6
Asterisk Asterisk 1.4 revision 95946
Asterisk Asterisk 1.4 Beta

不受影响系统
Asterisk s800i Appliance 1.3 6
Asterisk Asterisk Business Edition C.3.2 3
Asterisk Asterisk Business Edition C.2.4 6
Asterisk Asterisk Business Edition B.2.5 13
Asterisk Asterisk 1.6.1 11
Asterisk Asterisk 1.4.27 1
Asterisk Asterisk 1.2.37

危害
远程攻击者可以利用漏洞使应用程序崩溃。

攻击所需条件
攻击者必须访问Asterisk。

漏洞信息
Asterisk是一款开放源码的软件PBX，支持各种VoIP协议和设备。
如果攻击者发送的合法RTP舒适噪音负载包含数据长度为24字节或更多，可导致Asterisk处理时崩溃，造成拒绝服务攻击。

测试方法

厂商解决方案
用户可联系供应商获得Asterisk AST-2009-010-1.2.diff补丁程序：
http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt

漏洞提供者
amorsen

← Apache Tomcat 404错误页跨站脚本漏洞

Haihaisoft Universal Player ‘URL’属性ActiveX控件缓冲区溢出漏洞 →

ZeroBox Vulnerability Database

坚持！我们将做的更好！

Asterisk RTP舒适噪音处理远程拒绝服务漏洞

0 条评论。

发表评论