CVE-2009-2726

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.2.x through 1.2.33 Asterisk Open Source versions 1.4.x through 1.4.26 Asterisk Open Source versions 1.6.0.x through 1.6.0.11 Asterisk Open Source versions 1.6.1.x through 1.6.1.3 Asterisk Business Edition A.x.x Asterisk Business Edition B.x.x through B.2.5.8 Asterisk Business Edition C.2.x through C.2.4.0 Asterisk Business Edition C.3.x through C.3.0 Asterisk Appliance s800i versions 1.2.x through 1.2.x before 1.3.0.3

Description The issue allows remote attackers to cause a denial of service via SIP packets containing large sequences of ASCII decimal characters. This can be achieved through vectors related to the CSeq value in a SIP header, large Content-Length value, and SDP.

Recommendations For Asterisk Open Source versions 1.2.x through 1.2.33, update to version 1.2.34 or later. For Asterisk Open Source versions 1.4.x through 1.4.26, update to version 1.4.26.1 or later. For Asterisk Open Source versions 1.6.0.x through 1.6.0.11, update to version 1.6.0.12 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.3, update to version 1.6.1.4 or later. For Asterisk Business Edition A.x.x, B.x.x through B.2.5.8, C.2.x through C.2.4.0, and C.3.x through C.3.0, update to the respective fixed versions B.2.5.9, C.2.4.1, and C.3.1. For Asterisk Appliance s800i versions 1.2.x through 1.2.x before 1.3.0.3, update to version 1.3.0.3 or later.