Candidate: CVE-2010-0441
PublicDate: 2010-02-04 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0441
 http://downloads.asterisk.org/pub/security/AST-2010-001.html
Description:
 Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and
 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows
 remote attackers to cause a denial of service (daemon crash) via an SIP
 T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2)
 modified to contain a negative number, or (3) modified to contain a large
 number.
Ubuntu-Description:
Notes:
Bugs:
 https://issues.asterisk.org/view.php?id=16724
 https://issues.asterisk.org/view.php?id=16634
 https://issues.asterisk.org/view.php?id=16517
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_asterisk:
 upstream: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
 upstream: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
 upstream: http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff
upstream_asterisk: released (1.6.0.22,1.6.1.14,1.6.2.2)
dapper_asterisk: ignored (reached end-of-life)
hardy_asterisk: not-affected
intrepid_asterisk: needs-triage (reached end-of-life)
jaunty_asterisk: ignored (reached end-of-life)
karmic_asterisk: ignored (reached end-of-life)
lucid_asterisk: not-affected (1:1.6.2.5-0ubuntu1.3)
maverick_asterisk: not-affected (1:1.6.2.7-1ubuntu1.1)
natty_asterisk: not-affected (1:1.6.2.9-2ubuntu2)
devel_asterisk: not-affected (1:1.8.3.3-1ubuntu1)