CVE		CVE-2009-4055
Status		Candidate
Description		rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.
Severity		Medium
CVSS score		5
CVSS vector		(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Phase		Assigned (23.12.2009)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4055
References		BID : 37153
		BUGTRAQ : 20091130 AST-2009-010: RTP Remote Crash Vulnerability
		CONFIRM : http://downloads.asterisk.org/pub/security/AST-200...
		CONFIRM : http://downloads.asterisk.org/pub/security/AST-200...
		CONFIRM : http://downloads.asterisk.org/pub/security/AST-200...
		CONFIRM : http://downloads.asterisk.org/pub/security/AST-200...
		CONFIRM : http://downloads.digium.com/pub/security/AST-2009-...
		CONFIRM : https://issues.asterisk.org/view.php?id=16242
		DEBIAN : DSA-1952
		FEDORA : FEDORA-2009-12461
		OSVDB : 60569
		SECTRACK : 1023249
		SECUNIA : 37530
		SECUNIA : 37677
		SECUNIA : 37708
		VUPEN : ADV-2009-3368
		XF : asterisk-rtp-comfortnoise-dos(54471)
SecurityVulns:		Asterisk RTP DoS