CVE-2010-0441

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.6.0.x through 1.6.0.21 Asterisk Open Source versions 1.6.1.x through 1.6.1.13 Asterisk Open Source versions 1.6.2.x through 1.6.2.1 Asterisk Business Edition C.3 versions prior to C.3.3.2

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is either missing, modified to contain a negative number, or modified to contain a large number.

Recommendations For Asterisk Open Source versions 1.6.0.x through 1.6.0.21, update to version 1.6.0.22 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.13, update to version 1.6.1.14 or later. For Asterisk Open Source versions 1.6.2.x through 1.6.2.1, update to version 1.6.2.2 or later. For Asterisk Business Edition C.3 versions prior to C.3.3.2, update to version C.3.3.2 or later.