Vulnerability Name: CVE-2010-0441 (CCN-56076)

Assigned: 2010-02-03
Published: 2010-02-03
Updated: 2018-10-10
Summary: Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2010-0441

Source: CONFIRM
Type: Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff

Source: CONFIRM
Type: Patch
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff

Source: CONFIRM
Type: UNKNOWN
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff

Source: CCN
Type: Asterisk Project Security Advisory - AST-2010-001
T.38 Remote Crash Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://downloads.asterisk.org/pub/security/AST-2010-001.html

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-3724

Source: CCN
Type: SA38395
Asterisk T.38 Negotiation Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38395

Source: SECUNIA
Type: UNKNOWN
39096

Source: CCN
Type: SECTRACK ID: 1023532
Asterisk T.38 Processing Flaw Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1023532

Source: CCN
Type: OSVDB ID: 62089
Asterisk T.38 SDP Packet FaxMaxDatagram Field Remote DoS

Source: BUGTRAQ
Type: UNKNOWN
20100202 AST-2010-001: T.38 Remote Crash Vulnerability

Source: BID
Type: UNKNOWN
38047

Source: CCN
Type: BID-38047
Asterisk T.38 'FaxMaxDatagram' Remote Denial of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0289

Source: XF
Type: UNKNOWN
asterisk-t38-dos(56076)

Source: CONFIRM
Type: UNKNOWN
https://issues.asterisk.org/view.php?id=16517

Source: CONFIRM
Type: UNKNOWN
https://issues.asterisk.org/view.php?id=16634

Source: CONFIRM
Type: UNKNOWN
https://issues.asterisk.org/view.php?id=16724

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:asterisk:asterisk:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.16-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.16-rc2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.18-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.18-rc2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.18-rc3:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.20-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.0.21-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.7-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.7-rc2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.10-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.10-rc2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.10-rc3:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.12-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.1.13-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.2.1-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.10-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:1.6.10-rc2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:c.3.1.0:*:business:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:c.3.1.1:*:business:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:c.3.2.2:*:business:*:*:*:*:*
  • OR cpe:/a:asterisk:asterisk:c.3.3.3:*:business:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:digium:asterisk:c.3.0:-:business:*:*:*:*:*
