Digium Asterisk IAX2 Call Number Denial Of Service
Severity: HIGH
CVE Identifier: CVE-2009-2346
Advisory Date: JUL 21, 2015
DESCRIPTION
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003778
Trend Micro Deep Security DPI Rule Name: 1003778 - Digium Asterisk IAX2 Call Number Denial Of Service
AFFECTED SOFTWARE AND VERSION
- asterisk appliance_s800i 1.3
- asterisk appliance_s800i 1.3.0.2
- asterisk asterisk b.1.3.2
- asterisk asterisk b.1.3.3
- asterisk asterisk b.2.2.0
- asterisk asterisk b.2.2.1
- asterisk asterisk b.2.3.1
- asterisk asterisk b.2.3.2
- asterisk asterisk b.2.3.3
- asterisk asterisk b.2.3.4
- asterisk asterisk b.2.3.5
- asterisk asterisk b.2.3.6
- asterisk asterisk b.2.5.1
- asterisk asterisk b.2.5.3
- asterisk asterisk b.2.5.4
- asterisk asterisk b.2.5.5
- asterisk asterisk b.2.5.6
- asterisk asterisk b.2.5.8
- asterisk asterisk b.2.5.9
- asterisk asterisk c.1.0_beta7
- asterisk asterisk c.1.0_beta8
- asterisk asterisk c.1.10.3
- asterisk asterisk c.1.10.4
- asterisk asterisk c.1.10.5
- asterisk asterisk c.1.6
- asterisk asterisk c.1.6.1
- asterisk asterisk c.1.6.2
- asterisk asterisk c.1.8.1
- asterisk asterisk c.2.1.2.1
- asterisk asterisk c.2.3
- asterisk asterisk c.2.3.3
- asterisk asterisk c.2.4.2
- asterisk asterisk c.3.1.0
- asterisk open_source 1.2.0
- asterisk open_source 1.2.1
- asterisk open_source 1.2.10
- asterisk open_source 1.2.11
- asterisk open_source 1.2.12
- asterisk open_source 1.2.12.1
- asterisk open_source 1.2.13
- asterisk open_source 1.2.14
- asterisk open_source 1.2.15
- asterisk open_source 1.2.16
- asterisk open_source 1.2.17
- asterisk open_source 1.2.18
- asterisk open_source 1.2.19
- asterisk open_source 1.2.2
- asterisk open_source 1.2.20
- asterisk open_source 1.2.21
- asterisk open_source 1.2.21.1
- asterisk open_source 1.2.22
- asterisk open_source 1.2.23
- asterisk open_source 1.2.24
- asterisk open_source 1.2.25
- asterisk open_source 1.2.26
- asterisk open_source 1.2.26.1
- asterisk open_source 1.2.26.2
- asterisk open_source 1.2.27
- asterisk open_source 1.2.28
- asterisk open_source 1.2.29
- asterisk open_source 1.2.3
- asterisk open_source 1.2.30
- asterisk open_source 1.2.30.2
- asterisk open_source 1.2.30.3
- asterisk open_source 1.2.30.4
- asterisk open_source 1.2.31
- asterisk open_source 1.2.32
- asterisk open_source 1.2.33
- asterisk open_source 1.2.34
- asterisk open_source 1.2.4
- asterisk open_source 1.2.5
- asterisk open_source 1.2.6
- asterisk open_source 1.2.7
- asterisk open_source 1.2.7.1
- asterisk open_source 1.2.8
- asterisk open_source 1.2.9
- asterisk open_source 1.2.9.1
- asterisk open_source 1.4.0
- asterisk open_source 1.4.1
- asterisk open_source 1.4.10
- asterisk open_source 1.4.10.1
- asterisk open_source 1.4.11
- asterisk open_source 1.4.12
- asterisk open_source 1.4.12.1
- asterisk open_source 1.4.13
- asterisk open_source 1.4.14
- asterisk open_source 1.4.15
- asterisk open_source 1.4.16
- asterisk open_source 1.4.16.1
- asterisk open_source 1.4.16.2
- asterisk open_source 1.4.17
- asterisk open_source 1.4.18
- asterisk open_source 1.4.18.1
- asterisk open_source 1.4.19
- asterisk open_source 1.4.19.1
- asterisk open_source 1.4.19.2
- asterisk open_source 1.4.2
- asterisk open_source 1.4.20
- asterisk open_source 1.4.21
- asterisk open_source 1.4.21.1
- asterisk open_source 1.4.21.2
- asterisk open_source 1.4.22
- asterisk open_source 1.4.22.1
- asterisk open_source 1.4.22.2
- asterisk open_source 1.4.23
- asterisk open_source 1.4.3
- asterisk open_source 1.4.4
- asterisk open_source 1.4.5
- asterisk open_source 1.4.6
- asterisk open_source 1.4.7
- asterisk open_source 1.4.7.1
- asterisk open_source 1.4.8
- asterisk open_source 1.4.9
- asterisk open_source 1.4beta
- asterisk open_source 1.6.0
- asterisk open_source 1.6.0.1
- asterisk open_source 1.6.0.2
- asterisk open_source 1.6.0.3
- asterisk open_source 1.6.1
- asterisk open_source 1.6.1.0
- asterisk open_source 1.6.1.4
- asterisk open_source 1.6.1.5
- asterisk opensource 1.4.23.2
- asterisk opensource 1.4.24
- asterisk opensource 1.4.24.1
- asterisk opensource 1.4.26
- asterisk opensource 1.4.26.1
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more