A remotely exploitable denial of service (crash) has been reported
and corrected in Asterisk. From the upstream advisory (AST-2010-0001):
"An attacker attempting to negotiate T.38 over SIP can remotely crash
Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value. The same crash occurs
when the FaxMaxDatagram field is omitted from the SDP as well."
Credit / Reported by:
issues.asterisk.org users bklang and elsto
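The advisory above describes three inputs that all reach the same crash: a negative FaxMaxDatagram value, an exceptionally large one, and an SDP with the attribute omitted entirely. The defensive fix is to validate the attribute before its value is used for anything like buffer sizing. The following C function is an added example written for this page; it is not Asterisk's own parser and does not reproduce the vulnerable code path. It assumes the T.38 attribute line has the form `a=T38FaxMaxDatagram:<n>`, and the accepted range (1 to 65535) is a constructed sanity bound, not a value from the advisory or the Asterisk source.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for the validating parser (constructed for this example). */
enum fax_datagram_status {
    FAX_DATAGRAM_OK = 0,
    FAX_DATAGRAM_MISSING = 1,       /* attribute absent from the SDP body */
    FAX_DATAGRAM_MALFORMED = 2,     /* non-numeric or unparseable value  */
    FAX_DATAGRAM_OUT_OF_RANGE = 3   /* negative, zero, or above the cap  */
};

/* Upper bound we accept; an assumed sane cap, not an Asterisk constant. */
#define FAX_DATAGRAM_MAX 65535L

/*
 * Scan an SDP body (CRLF- or LF-separated lines) for the
 * a=T38FaxMaxDatagram:<n> attribute and validate it. A missing,
 * non-numeric, negative, or oversized value is rejected with a
 * distinct status instead of being passed on to the caller, which is
 * the class of input the advisory says crashed the unpatched parser.
 * On success *out receives the validated value.
 */
enum fax_datagram_status
parse_fax_max_datagram(const char *sdp, long *out)
{
    static const char prefix[] = "a=T38FaxMaxDatagram:";
    const size_t plen = sizeof(prefix) - 1;
    const char *line = sdp;

    if (out) *out = 0;
    if (!sdp) return FAX_DATAGRAM_MISSING;

    while (*line) {
        const char *eol = strpbrk(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        /* RFC 4566 attribute names are matched case-sensitively here */
        if (len >= plen && strncmp(line, prefix, plen) == 0) {
            char buf[32];                 /* bounded copy for strtol */
            size_t vlen = len - plen;
            char *end;
            long val;

            /* an absurdly long digit string cannot be a valid size */
            if (vlen >= sizeof(buf)) return FAX_DATAGRAM_OUT_OF_RANGE;
            memcpy(buf, line + plen, vlen);
            buf[vlen] = '\0';

            /* value must start with a digit or a minus sign: no blanks, '+' or empty */
            if (buf[0] != '-' && (buf[0] < '0' || buf[0] > '9'))
                return FAX_DATAGRAM_MALFORMED;

            errno = 0;
            val = strtol(buf, &end, 10);
            if (errno == ERANGE) return FAX_DATAGRAM_OUT_OF_RANGE;  /* overflowed long */
            if (*end != '\0') return FAX_DATAGRAM_MALFORMED;         /* trailing junk */
            if (val < 1 || val > FAX_DATAGRAM_MAX) return FAX_DATAGRAM_OUT_OF_RANGE;

            if (out) *out = val;
            return FAX_DATAGRAM_OK;
        }

        if (!eol) break;
        line = eol + 1;
    }
    return FAX_DATAGRAM_MISSING;
}

int main(void)
{
    /* constructed SDP fragments covering the cases named in the advisory */
    const char *samples[] = {
        "v=0\r\nm=image 4000 udptl t38\r\na=T38FaxMaxDatagram:200\r\n",
        "v=0\r\nm=image 4000 udptl t38\r\na=T38FaxMaxDatagram:-1\r\n",
        "v=0\r\nm=image 4000 udptl t38\r\na=T38FaxMaxDatagram:99999999999999999999999\r\n",
        "v=0\r\nm=image 4000 udptl t38\r\n"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long v;
        enum fax_datagram_status st = parse_fax_max_datagram(samples[i], &v);
        printf("sample %zu: status=%d value=%ld\n", i, (int)st, v);
    }
    return 0;
}
```

The caller only proceeds with T.38 negotiation when the status is `FAX_DATAGRAM_OK`; every other status should be logged and the offer rejected rather than substituting a default silently, so that malformed offers from a peer remain visible in the logs.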
This issue affects the latest versions of the asterisk package, as shipped
within Fedora release 11 (asterisk-22.214.171.124-1.fc11).
This bug and https://bugzilla.redhat.com/show_bug.cgi?id=566829 appear to be duplicates.
asterisk-126.96.36.199-1.fc13 has been submitted as an update for Fedora 13.
asterisk-188.8.131.52-1.fc12 has been submitted as an update for Fedora 12.
*** Bug 566829 has been marked as a duplicate of this bug. ***
asterisk-184.108.40.206-1.fc11 has been submitted as an update for Fedora 11.
asterisk-220.127.116.11-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-18.104.22.168-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.