Candidate: CVE-2009-2726
PublicDate: 2009-08-12 10:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726
 http://downloads.asterisk.org/pub/security/AST-2009-005.html
Description:
 The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.
Ubuntu-Description:
Notes:
 jdstrand> per the AST, this changes all the scanf functions. Upstream says:
 "Note that while this potential vulnerability has existed in Asterisk for a very long time, it is only potentially exploitable in 1.6.1 and above, since those versions are the first that have allowed SIP packets to exceed 1500 bytes total, which does not permit strings that are large enough to crash Asterisk."
 Deferring for now.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_asterisk:
 upstream: http://downloads.digium.com/pub/security/AST-2009-005-1.4.diff.txt
upstream_asterisk: released (1:1.6.2.0~dfsg~beta4-0ubuntu2)
dapper_asterisk: deferred
hardy_asterisk: ignored (reached end-of-life)
intrepid_asterisk: deferred
jaunty_asterisk: deferred
karmic_asterisk: not-affected (1.6.2)
lucid_asterisk: not-affected (1.6.2)
maverick_asterisk: not-affected (1.6.2)
natty_asterisk: not-affected (1.6.2)
devel_asterisk: not-affected (1.6.2)