var-200909-0357
Vulnerability from variot
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. The problem is CVE-2008-3263 Related toBy a third party IAX2 Service operation disruption by starting message exchange ( Call number exhaustion ) There is a possibility of being put into a state. Asterisk is prone to a remote denial-of-service vulnerability because it fails to properly handle an excessive amount of call numbers. Successful exploits can cause the application to stop accepting connections, resulting in denial-of-service conditions for legitimate users.
The vulnerabilities are caused due to NULL-pointer dereference errors in the "sip_uri_params_cmp()" and "sip_uri_headers_cmp()" functions. This can be exploited to crash the application via a SIP message lacking certain headers.
Successful exploitation requires that the SIP channel driver is configured with the "pedantic" option enabled.
PROVIDED AND/OR DISCOVERED BY: The vendor credits bugs.digium.com user klaus3000. Asterisk Project Security Advisory - AST-2009-006
+------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | IAX2 Call Number Resource Exhaustion | |--------------------+---------------------------------------------------| | Nature of Advisory | Denial of Service | |--------------------+---------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |--------------------+---------------------------------------------------| | Severity | Major | |--------------------+---------------------------------------------------| | Exploits Known | Yes - Published by Blake Cornell < blake AT | | | remoteorigin DOT com > on voip0day.com | |--------------------+---------------------------------------------------| | Reported On | June 22, 2008 | |--------------------+---------------------------------------------------| | Reported By | Noam Rathaus < noamr AT beyondsecurity DOT com >, | | | with his SSD program, also by Blake Cornell | |--------------------+---------------------------------------------------| | Posted On | September 3, 2009 | |--------------------+---------------------------------------------------| | Last Updated On | September 3, 2009 | |--------------------+---------------------------------------------------| | Advisory Contact | Russell Bryant < russell AT digium DOT com > | |--------------------+---------------------------------------------------| | CVE Name | CVE-2009-2346 | +------------------------------------------------------------------------+
+------------------------------------------------------------------------+ | Description | The IAX2 protocol uses a call number to associate | | | messages with the call that they belong to. However, the | | | protocol defines the call number field in messages as a | | | fixed size 15 bit field. So, if all call numbers are in | | | use, no additional sessions can be handled. | | | | | | A call number gets created at the start of an IAX2 | | | message exchange. So, an attacker can send a large | | | number of messages and consume the call number space. | | | The attack is also possible using spoofed source IP | | | addresses as no handshake is required before a call | | | number is assigned. | +------------------------------------------------------------------------+
+------------------------------------------------------------------------+ | Resolution | Upgrade to a version of Asterisk listed in this document | | | as containing the IAX2 protocol security enhancements. In | | | addition to upgrading, administrators should consult the | | | users guide section of the IAX2 Security document | | | (IAX2-security.pdf), as well as the sample configuration | | | file for chan_iax2 that have been distributed with those | | | releases for assistance with new options that have been | | | provided. | +------------------------------------------------------------------------+
+------------------------------------------------------------------------+ | Discussion | A lot of time was spent trying to come up with a way to | | | resolve this issue in a way that was completely backwards | | | compatible. However, the final resolution ended up | | | requiring a modification to the IAX2 protocol. This | | | modification is referred to as call token validation. | | | Call token validation is used as a handshake before call | | | numbers are assigned to IAX2 connections. | | | | | | Call token validation by itself does not resolve the | | | issue. However, it does allow an IAX2 server to validate | | | that the source of the messages has not been spoofed. In | | | addition to call token validation, Asterisk now also has | | | the ability to limit the amount of call numbers assigned | | | to a given remote IP address. | | | | | | The combination of call token validation and call number | | | allocation limits is used to mitigate this denial of | | | service issue. | | | | | | An alternative approach to securing IAX2 would be to use | | | a security layer on top of IAX2, such as DTLS [RFC4347] | | | or IPsec [RFC4301]. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201006-20
http://security.gentoo.org/
Severity: Normal Title: Asterisk: Multiple vulnerabilities Date: June 04, 2010 Bugs: #281107, #283624, #284892, #295270 ID: 201006-20
Synopsis
Multiple vulnerabilities in Asterisk might allow remote attackers to cause a Denial of Service condition, or conduct other attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/asterisk < 1.2.37 >= 1.2.37
Description
Multiple vulnerabilities have been reported in Asterisk:
-
Nick Baggott reported that Asterisk does not properly process overly long ASCII strings in various packets (CVE-2009-2726).
-
Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol implementation (CVE-2009-2346).
-
amorsen reported an input processing error in the RTP protocol implementation (CVE-2009-4055).
-
Patrik Karlsson reported an information disclosure flaw related to the REGISTER message (CVE-2009-3727).
-
A vulnerability was found in the bundled Prototype JavaScript library, related to AJAX calls (CVE-2008-7220).
Impact
A remote attacker could exploit these vulnerabilities by sending a specially crafted package, possibly causing a Denial of Service condition, or resulting in information disclosure.
Workaround
There is no known workaround at this time.
Resolution
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.37"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 5, 2010. It is likely that your system is already no longer affected by this issue.
References
[ 1 ] CVE-2009-2726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726 [ 2 ] CVE-2009-2346 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346 [ 3 ] CVE-2009-4055 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055 [ 4 ] CVE-2009-3727 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727 [ 5 ] CVE-2008-7220 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201006-20.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Asterisk IAX2 Call Number Exhaustion Denial of Service
SECUNIA ADVISORY ID: SA36593
VERIFY ADVISORY: http://secunia.com/advisories/36593/
DESCRIPTION: A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
S800i (Asterisk Appliance): Update to version 1.3.0.3.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Noam Rathaus * Blake Cornell
ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2009-006.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
The vulnerabilities are caused due to "sscanf()" being invoked without specifying a maximum width e.g. when processing SIP messages. This can be exploited to exhaust stack memory in the SIP stack network thread via overly long numeric strings in various fields of a message.
NOTE: According to the vendor this is only potentially exploitable in 1.6.1 and above
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.34"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.24.1"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.26"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.24"
},
{
"model": "appliance s800i",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.3.0.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.32"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.33"
},
{
"model": "appliance s800i",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.2.31"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.6,
"vendor": "asterisk",
"version": "1.4.23.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.22"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.9"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.10"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.12"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.23"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "1.6.1.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.21.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.12.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.23"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.19.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.9"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.0_beta7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.2.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.14"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.13"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.26.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4beta"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.9"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.26.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.17"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.1.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.16"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.3.1.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "sangoma",
"version": "1.6.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.21"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.10.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.7"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.19"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.16.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.0.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.19"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.7.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.4.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.17"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.7"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.21.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.27"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.18"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.13"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.21"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.1.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.1.3.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.21.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.16"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.22.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.8.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.11"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.8"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.12"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.18"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.19.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.0_beta8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.10.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.9.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.15"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.7.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.2.3.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.6.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.10.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.20"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.11"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.5.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.6.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.8"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.28"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.6.1.5"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.1.3.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.30.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.22.2"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.6"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.12.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.25"
},
{
"model": "opensource",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.26.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.10"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.15"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.26"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.5"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.16.1"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.18.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.2.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "b.2.3.4"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.0"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "c.1.10.3"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.22"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.4.20"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.24"
},
{
"model": "open source",
"scope": "eq",
"trust": 1.0,
"vendor": "asterisk",
"version": "1.2.29"
},
{
"model": "appliance s800i",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.3.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "business edition of b.2.5.10"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "b.x.x"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.4.x"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.0.x"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.0.15"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.2.x"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "c.2.4.3"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.4.26.2"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.2.35"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "c.2.4.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "c.3.1.1"
},
{
"model": "asterisk open source",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.1.x"
},
{
"model": "appliance s800i",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.3.0.3"
},
{
"model": "asterisk open source",
"scope": "eq",
"trust": 0.8,
"vendor": "digium",
"version": "1.6.1.6"
},
{
"model": "asterisk",
"scope": "lt",
"trust": 0.8,
"vendor": "digium",
"version": "c.3.x"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "s800i appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.3.2"
},
{
"model": "s800i appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.3"
},
{
"model": "business edition c.3.1.0",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.4.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.3.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.3",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": ".2"
},
{
"model": "business edition c.2.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.2.1.2.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.8.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.6.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.6.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.6",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.10.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.10.4",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.10.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.0-beta8",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition c.1.0-beta7",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.9",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.8",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.6",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.4",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.6",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.5",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.4",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.3.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.2.1",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.2.0",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.1.3.3",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.1.3.2",
"scope": null,
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "0-rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1"
},
{
"model": "0-rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1.5"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1"
},
{
"model": "beta6",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.66"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.26"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.24.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.24"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.23.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.23.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.23"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.22"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.19.1"
},
{
"model": "-rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.19"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.19"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.18"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.17"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.16"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.15"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.13"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.12"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.11"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.10"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.9"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.5"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.34"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.33"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.32"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.31"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.30"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.29"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.28"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.27"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.26"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.25"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.24"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.23"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.22"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.21"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.19"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.18"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.17"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.16"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.15"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.13"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.11"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.10"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.9"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.8"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.7"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.5"
},
{
"model": ".0-beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2"
},
{
"model": ".0-beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.0.3"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.0.14"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.26.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.22.1"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.21.2"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.18.1"
},
{
"model": "revision",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.495946"
},
{
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.30.4"
},
{
"model": "asterisk",
"scope": "eq",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.30.3"
},
{
"model": "s800i appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.3.0.3"
},
{
"model": "business edition c.3.1",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1"
},
{
"model": "business edition c.2.4.3",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "business edition b.2.5.10",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": null
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.1.6"
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.2.35"
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.6.0.15"
},
{
"model": "asterisk",
"scope": "ne",
"trust": 0.3,
"vendor": "asterisk",
"version": "1.4.26.2"
}
],
"sources": [
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:digium:appliance_s800i",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:asterisk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:digium:open_source",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Russell Bryant russell@digium.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2346",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2346",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2346",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-091",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2009-2346",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. The problem is CVE-2008-3263 Related toBy a third party IAX2 Service operation disruption by starting message exchange ( Call number exhaustion ) There is a possibility of being put into a state. Asterisk is prone to a remote denial-of-service vulnerability because it fails to properly handle an excessive amount of call numbers. \nSuccessful exploits can cause the application to stop accepting connections, resulting in denial-of-service conditions for legitimate users. \n\nThe vulnerabilities are caused due to NULL-pointer dereference errors\nin the \"sip_uri_params_cmp()\" and \"sip_uri_headers_cmp()\" functions. \nThis can be exploited to crash the application via a SIP message\nlacking certain headers. \n\nSuccessful exploitation requires that the SIP channel driver is\nconfigured with the \"pedantic\" option enabled. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits bugs.digium.com user klaus3000. Asterisk Project Security Advisory - AST-2009-006\n\n +------------------------------------------------------------------------+\n | Product | Asterisk |\n |--------------------+---------------------------------------------------|\n | Summary | IAX2 Call Number Resource Exhaustion |\n |--------------------+---------------------------------------------------|\n | Nature of Advisory | Denial of Service |\n |--------------------+---------------------------------------------------|\n | Susceptibility | Remote unauthenticated sessions |\n |--------------------+---------------------------------------------------|\n | Severity | Major |\n |--------------------+---------------------------------------------------|\n | Exploits Known | Yes - Published by Blake Cornell \u003c blake AT |\n | | remoteorigin DOT com \u003e on voip0day.com |\n |--------------------+---------------------------------------------------|\n | Reported On | June 22, 2008 |\n |--------------------+---------------------------------------------------|\n | Reported By | Noam Rathaus \u003c noamr AT beyondsecurity DOT com \u003e, |\n | | with his SSD program, also by Blake Cornell |\n |--------------------+---------------------------------------------------|\n | Posted On | September 3, 2009 |\n |--------------------+---------------------------------------------------|\n | Last Updated On | September 3, 2009 |\n |--------------------+---------------------------------------------------|\n | Advisory Contact | Russell Bryant \u003c russell AT digium DOT com \u003e |\n |--------------------+---------------------------------------------------|\n | CVE Name | CVE-2009-2346 |\n +------------------------------------------------------------------------+\n\n +------------------------------------------------------------------------+\n | Description | The IAX2 protocol uses a call number to associate |\n | | messages with the call that they belong to. However, the |\n | | protocol defines the call number field in messages as a |\n | | fixed size 15 bit field. So, if all call numbers are in |\n | | use, no additional sessions can be handled. |\n | | |\n | | A call number gets created at the start of an IAX2 |\n | | message exchange. So, an attacker can send a large |\n | | number of messages and consume the call number space. |\n | | The attack is also possible using spoofed source IP |\n | | addresses as no handshake is required before a call |\n | | number is assigned. |\n +------------------------------------------------------------------------+\n\n +------------------------------------------------------------------------+\n | Resolution | Upgrade to a version of Asterisk listed in this document |\n | | as containing the IAX2 protocol security enhancements. In |\n | | addition to upgrading, administrators should consult the |\n | | users guide section of the IAX2 Security document |\n | | (IAX2-security.pdf), as well as the sample configuration |\n | | file for chan_iax2 that have been distributed with those |\n | | releases for assistance with new options that have been |\n | | provided. |\n +------------------------------------------------------------------------+\n\n +------------------------------------------------------------------------+\n | Discussion | A lot of time was spent trying to come up with a way to |\n | | resolve this issue in a way that was completely backwards |\n | | compatible. However, the final resolution ended up |\n | | requiring a modification to the IAX2 protocol. This |\n | | modification is referred to as call token validation. |\n | | Call token validation is used as a handshake before call |\n | | numbers are assigned to IAX2 connections. |\n | | |\n | | Call token validation by itself does not resolve the |\n | | issue. However, it does allow an IAX2 server to validate |\n | | that the source of the messages has not been spoofed. In |\n | | addition to call token validation, Asterisk now also has |\n | | the ability to limit the amount of call numbers assigned |\n | | to a given remote IP address. |\n | | |\n | | The combination of call token validation and call number |\n | | allocation limits is used to mitigate this denial of |\n | | service issue. |\n | | |\n | | An alternative approach to securing IAX2 would be to use |\n | | a security layer on top of IAX2, such as DTLS [RFC4347] |\n | | or IPsec [RFC4301]. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. This fixes some\nvulnerabilities, which can be exploited by malicious people to cause\na DoS (Denial of Service). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201006-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Asterisk: Multiple vulnerabilities\n Date: June 04, 2010\n Bugs: #281107, #283624, #284892, #295270\n ID: 201006-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Asterisk might allow remote attackers to\ncause a Denial of Service condition, or conduct other attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/asterisk \u003c 1.2.37 \u003e= 1.2.37\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in Asterisk:\n\n* Nick Baggott reported that Asterisk does not properly process\n overly long ASCII strings in various packets (CVE-2009-2726). \n\n* Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol\n implementation (CVE-2009-2346). \n\n* amorsen reported an input processing error in the RTP protocol\n implementation (CVE-2009-4055). \n\n* Patrik Karlsson reported an information disclosure flaw related to\n the REGISTER message (CVE-2009-3727). \n\n* A vulnerability was found in the bundled Prototype JavaScript\n library, related to AJAX calls (CVE-2008-7220). \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities by sending a\nspecially crafted package, possibly causing a Denial of Service\ncondition, or resulting in information disclosure. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Asterisk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/asterisk-1.2.37\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since January 5, 2010. It is likely that your system is\nalready no longer affected by this issue. \n\nReferences\n==========\n\n [ 1 ] CVE-2009-2726\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726\n [ 2 ] CVE-2009-2346\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346\n [ 3 ] CVE-2009-4055\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055\n [ 4 ] CVE-2009-3727\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727\n [ 5 ] CVE-2008-7220\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201006-20.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nAsterisk IAX2 Call Number Exhaustion Denial of Service\n\nSECUNIA ADVISORY ID:\nSA36593\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/36593/\n\nDESCRIPTION:\nA vulnerability has been reported in Asterisk, which can be exploited\nby malicious people to cause a DoS (Denial of Service). \n\nS800i (Asterisk Appliance):\nUpdate to version 1.3.0.3. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Noam Rathaus\n* Blake Cornell\n\nORIGINAL ADVISORY:\nhttp://downloads.asterisk.org/pub/security/AST-2009-006.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerabilities are caused due to \"sscanf()\" being invoked\nwithout specifying a maximum width e.g. when processing SIP messages. \nThis can be exploited to exhaust stack memory in the SIP stack network\nthread via overly long numeric strings in various fields of a\nmessage. \n\nNOTE: According to the vendor this is only potentially exploitable in\n1.6.1 and above",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2346"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2346",
"trust": 3.0
},
{
"db": "BID",
"id": "36275",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "36593",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1022819",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090903 AST-2009-006: IAX2 CALL NUMBER RESOURCE EXHAUSTION",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2009-2346",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "34229",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80978",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "36889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81677",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81003",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "36227",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80408",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"id": "VAR-200909-0357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19659443
},
"last_update_date": "2024-11-23T21:05:16.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AST-2009-006",
"trust": 0.8,
"url": "http://downloads.asterisk.org/pub/security/AST-2009-006.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/36275"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/36593"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1022819"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/506257/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2346"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2346"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/506257/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.4,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.4,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://www.asterisk.org/"
},
{
"trust": 0.3,
"url": "/archive/1/506257"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/34229/"
},
{
"trust": 0.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.2.diff.txt"
},
{
"trust": 0.2,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.4.diff.txt"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2346"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/36227/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/36593/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-002.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/try_vi/"
},
{
"trust": 0.1,
"url": "https://issues.asterisk.org/view.php?id=12912"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-006.html"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.0.diff.txt|1.6.0"
},
{
"trust": 0.1,
"url": "http://www.beyondsecurity.com/ssd.html"
},
{
"trust": 0.1,
"url": "http://www.rfc-editor.org/authors/rfc5456.txt"
},
{
"trust": 0.1,
"url": "http://www.asterisk.org/security"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.1.diff.txt|1.6.1"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-006.pdf"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/36889/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-september/msg00783.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4055"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3727"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201006-20.xml"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7220"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2726"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2726"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.0.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-006-1.6.1.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.4.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.0.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.2.diff.txt"
},
{
"trust": 0.1,
"url": "http://labs.mudynamics.com/advisories/mu-200908-01.txt"
},
{
"trust": 0.1,
"url": "http://downloads.asterisk.org/pub/security/ast-2009-005.html"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.6.1.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-1.2.diff.txt"
},
{
"trust": 0.1,
"url": "http://downloads.digium.com/pub/security/ast-2009-005-trunk.diff.txt"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"db": "BID",
"id": "36275"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"db": "PACKETSTORM",
"id": "75661"
},
{
"db": "PACKETSTORM",
"id": "80978"
},
{
"db": "PACKETSTORM",
"id": "81677"
},
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "PACKETSTORM",
"id": "81003"
},
{
"db": "PACKETSTORM",
"id": "80408"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"date": "2009-09-03T00:00:00",
"db": "BID",
"id": "36275"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"date": "2009-03-11T08:30:33",
"db": "PACKETSTORM",
"id": "75661"
},
{
"date": "2009-09-04T01:28:46",
"db": "PACKETSTORM",
"id": "80978"
},
{
"date": "2009-09-28T05:54:05",
"db": "PACKETSTORM",
"id": "81677"
},
{
"date": "2010-06-04T05:34:39",
"db": "PACKETSTORM",
"id": "90288"
},
{
"date": "2009-09-04T15:24:50",
"db": "PACKETSTORM",
"id": "81003"
},
{
"date": "2009-08-17T09:58:53",
"db": "PACKETSTORM",
"id": "80408"
},
{
"date": "2009-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"date": "2009-09-08T18:30:00.203000",
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULMON",
"id": "CVE-2009-2346"
},
{
"date": "2015-04-13T22:21:00",
"db": "BID",
"id": "36275"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003591"
},
{
"date": "2009-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-091"
},
{
"date": "2024-11-21T01:04:39.463000",
"db": "NVD",
"id": "CVE-2009-2346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "90288"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asterisk Open Source of IAX2 Service disruption in protocol implementation (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003591"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-091"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.