| Release Date | Dec 15, 2009 |
| Severity | High |
| Impact | Denial of Service |
| Description | This indicates an attack attempt against a resource-exhaustion-based denial-of-service vulnerability in Digium's Asterisk.
The vulnerability is caused by a design weakness when the vulnerable software handles a large number of messages. It allows a remote attacker to cause a denial-of-service condition. |
| Affected Products | Asterisk Asterisk Business Edition C.3.1.0 and previous versions
Asterisk Asterisk 1.6.1 5 and previous versions |
| Recommended Actions | Upgrade to the latest versions:
http://www.asterisk.org/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2346
|
| Reference/s | http://www.securityfocus.com/bid/36275 (BugTraq)
http://secunia.com/advisories/36593
|