CVE-2009-2346

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.2.x through 1.2.34 Asterisk Open Source versions 1.4.x through 1.4.26.1 Asterisk Open Source versions 1.6.0.x through 1.6.0.14 Asterisk Open Source versions 1.6.1.x through 1.6.1.5 Asterisk Business Edition versions B.x.x through B.2.5.9 Asterisk Business Edition versions C.2.x through C.2.4.2 Asterisk Business Edition versions C.3.x through C.3.0.0 s800i versions 1.3.x through 1.2.9.2 is not mentioned, but s800i version 1.3.0.2 is mentioned as vulnerable, so s800i versions 1.3.x through 1.3.0.2

Description The IAX2 protocol implementation in Asterisk allows remote attackers to cause a denial of service by initiating many IAX2 message exchanges.

Recommendations For Asterisk Open Source versions 1.2.x through 1.2.34, update to version 1.2.35 or later. For Asterisk Open Source versions 1.4.x through 1.4.26.1, update to version 1.4.26.2 or later. For Asterisk Open Source versions 1.6.0.x through 1.6.0.14, update to version 1.6.0.15 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.5, update to version 1.6.1.6 or later. For Asterisk Business Edition versions B.x.x through B.2.5.9, update to version B.2.5.10 or later. For Asterisk Business Edition versions C.2.x through C.2.4.2, update to version C.2.4.3 or later. For Asterisk Business Edition versions C.3.x through C.3.0.0, update to version C.3.1.1 or later. For s800i versions 1.3.x through 1.3.0.2, update to version 1.3.0.3 or later.