Vulnerabilites related to asterisk - asterisk_business_edition
cve-2008-0095
Vulnerability from cvelistv5
Published
2008-01-08 02:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T07:32:23.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "27110", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/27110", }, { name: "FEDORA-2008-0199", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html", }, { name: "ADV-2008-0019", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0019", }, { name: "20080102 AST-2008-001: Crash from transfer using BYE with Also header", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/485727/100/0/threaded", }, { name: "asterisk-bye-also-dos(39361)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361", }, { name: "3520", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3520", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugs.digium.com/view.php?id=11637", }, { name: "28312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28312", }, { name: "1019152", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1019152", }, { name: "FEDORA-2008-0198", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-001.html", }, { name: "28299", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28299", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-01-02T00:00:00", descriptions: [ { lang: "en", value: "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "27110", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/27110", }, { name: "FEDORA-2008-0199", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html", }, { name: "ADV-2008-0019", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0019", }, { name: "20080102 AST-2008-001: Crash from transfer using BYE with Also header", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/485727/100/0/threaded", }, { name: "asterisk-bye-also-dos(39361)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361", }, { name: "3520", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3520", }, { tags: [ "x_refsource_MISC", ], url: "http://bugs.digium.com/view.php?id=11637", }, { name: "28312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28312", }, { name: "1019152", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1019152", }, { name: "FEDORA-2008-0198", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-001.html", }, { name: "28299", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28299", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-0095", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "27110", refsource: "BID", url: "http://www.securityfocus.com/bid/27110", }, { name: "FEDORA-2008-0199", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html", }, { name: "ADV-2008-0019", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0019", }, { name: "20080102 AST-2008-001: Crash from transfer using BYE with Also header", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/485727/100/0/threaded", }, { name: "asterisk-bye-also-dos(39361)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361", }, { name: "3520", refsource: "SREASON", url: "http://securityreason.com/securityalert/3520", }, { name: "http://bugs.digium.com/view.php?id=11637", refsource: "MISC", url: "http://bugs.digium.com/view.php?id=11637", }, { name: "28312", refsource: "SECUNIA", url: "http://secunia.com/advisories/28312", }, { name: "1019152", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1019152", }, { name: "FEDORA-2008-0198", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html", }, { name: "http://downloads.digium.com/pub/security/AST-2008-001.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-001.html", }, { name: "28299", refsource: "SECUNIA", url: "http://secunia.com/advisories/28299", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-0095", datePublished: "2008-01-08T02:00:00", dateReserved: "2008-01-07T00:00:00", dateUpdated: "2024-08-07T07:32:23.897Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1390
Vulnerability from cvelistv5
Published
2008-03-24 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/3764 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/28316 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/489819/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/29449 | third-party-advisory, x_refsource_SECUNIA | |
| http://downloads.digium.com/pub/security/AST-2008-005.html | x_refsource_CONFIRM | |
| https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.securitytracker.com/id?1019679 | vdb-entry, x_refsource_SECTRACK | |
| https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/29470 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:17:34.588Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "3764", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3764", }, { name: "28316", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28316", }, { name: "20080318 AST-2008-005: HTTP Manager ID is predictable", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489819/100/0/threaded", }, { name: "asterisk-httpmanagerid-weak-security(41304)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", }, { name: "29449", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29449", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-005.html", }, { name: "FEDORA-2008-2554", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "1019679", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1019679", }, { name: "FEDORA-2008-2620", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "29470", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29470", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-18T00:00:00", descriptions: [ { lang: "en", value: "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "3764", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3764", }, { name: "28316", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28316", }, { name: "20080318 AST-2008-005: HTTP Manager ID is predictable", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489819/100/0/threaded", }, { name: "asterisk-httpmanagerid-weak-security(41304)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", }, { name: "29449", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29449", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-005.html", }, { name: "FEDORA-2008-2554", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "1019679", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1019679", }, { name: "FEDORA-2008-2620", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "29470", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29470", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1390", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "3764", refsource: "SREASON", url: "http://securityreason.com/securityalert/3764", }, { name: "28316", refsource: "BID", url: "http://www.securityfocus.com/bid/28316", }, { name: "20080318 AST-2008-005: HTTP Manager ID is predictable", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/489819/100/0/threaded", }, { name: "asterisk-httpmanagerid-weak-security(41304)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", }, { name: "29449", refsource: "SECUNIA", url: "http://secunia.com/advisories/29449", }, { name: "http://downloads.digium.com/pub/security/AST-2008-005.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-005.html", }, { name: "FEDORA-2008-2554", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "1019679", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1019679", }, { name: "FEDORA-2008-2620", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "29470", refsource: "SECUNIA", url: "http://secunia.com/advisories/29470", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1390", datePublished: "2008-03-24T17:00:00", dateReserved: "2008-03-18T00:00:00", dateUpdated: "2024-08-07T08:17:34.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1897
Vulnerability from cvelistv5
Published
2008-04-23 00:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:40:59.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "29927", tags: [ "third-party-advisory", "x_transferred", ], url: "http://secunia.com/advisories/29927", }, { name: "asterisk-iax2protocol-ack-dos(41966)", tags: [ "vdb-entry", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966", }, { name: "28901", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/28901", }, { name: "30010", tags: [ "third-party-advisory", "x_transferred", ], url: "http://secunia.com/advisories/30010", }, { name: "ADV-2008-1324", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1324", }, { tags: [ "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { tags: [ "x_transferred", ], url: "http://bugs.digium.com/view.php?id=10078", }, { name: "FEDORA-2008-3390", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html", }, { name: "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete", tags: [ "mailing-list", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/491220/100/0/threaded", }, { tags: [ "x_transferred", ], url: "http://www.altsci.com/concepts/page.php?s=asteri&p=2", }, { name: "30042", tags: [ "third-party-advisory", "x_transferred", ], url: "http://secunia.com/advisories/30042", }, { name: "DSA-1563", tags: [ "vendor-advisory", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1563", }, { name: "34982", tags: [ "third-party-advisory", "x_transferred", ], url: "http://secunia.com/advisories/34982", }, { name: "1019918", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securitytracker.com/id?1019918", }, { name: "FEDORA-2008-3365", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html", }, { tags: [ "x_transferred", ], url: "https://downloads.asterisk.org/pub/security/AST-2008-006.html", }, { tags: [ "x_transferred", ], url: "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83", }, { tags: [ "x_transferred", ], url: "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2", }, { tags: [ "x_transferred", ], url: "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a", }, { tags: [ "x_transferred", ], url: "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90", }, { tags: [ "x_transferred", ], url: "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6", }, { tags: [ "x_transferred", ], url: "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e", }, { tags: [ "x_transferred", ], url: "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b", }, { tags: [ "x_transferred", ], url: "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7", }, { tags: [ "x_transferred", ], url: "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb", }, { tags: [ "x_transferred", ], url: "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-22T00:00:00", descriptions: [ { lang: "en", value: "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-20T02:02:11.362982", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-200905-01", tags: [ "vendor-advisory", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "29927", tags: [ "third-party-advisory", ], url: "http://secunia.com/advisories/29927", }, { name: "asterisk-iax2protocol-ack-dos(41966)", tags: [ "vdb-entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966", }, { name: "28901", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/28901", }, { name: "30010", tags: [ "third-party-advisory", ], url: "http://secunia.com/advisories/30010", }, { name: "ADV-2008-1324", tags: [ "vdb-entry", ], url: "http://www.vupen.com/english/advisories/2008/1324", }, { url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { url: "http://bugs.digium.com/view.php?id=10078", }, { name: "FEDORA-2008-3390", tags: [ "vendor-advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html", }, { name: "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete", tags: [ "mailing-list", ], url: "http://www.securityfocus.com/archive/1/491220/100/0/threaded", }, { url: "http://www.altsci.com/concepts/page.php?s=asteri&p=2", }, { name: "30042", tags: [ "third-party-advisory", ], url: "http://secunia.com/advisories/30042", }, { name: "DSA-1563", tags: [ "vendor-advisory", ], url: "http://www.debian.org/security/2008/dsa-1563", }, { name: "34982", tags: [ "third-party-advisory", ], url: "http://secunia.com/advisories/34982", }, { name: "1019918", tags: [ "vdb-entry", ], url: "http://www.securitytracker.com/id?1019918", }, { name: "FEDORA-2008-3365", tags: [ "vendor-advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html", }, { url: "https://downloads.asterisk.org/pub/security/AST-2008-006.html", }, { url: "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83", }, { url: "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2", }, { url: "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a", }, { url: "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90", }, { url: "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6", }, { url: "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e", }, { url: "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b", }, { url: "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7", }, { url: "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb", }, { url: "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1897", datePublished: "2008-04-23T00:00:00", dateReserved: "2008-04-20T00:00:00", dateUpdated: "2024-08-07T08:40:59.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-6430
Vulnerability from cvelistv5
Published
2007-12-20 02:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:02:36.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "28149", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/28149", }, { name: "29782", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29782", }, { name: "GLSA-200804-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { name: "29242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29242", }, { name: "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/485287/100/0/threaded", }, { name: "SUSE-SR:2008:005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "ADV-2007-4260", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/4260", }, { name: "DSA-1525", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1525", }, { name: "3467", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3467", }, { name: "39519", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/39519", }, { name: "1019110", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1019110", }, { name: "asterisk-registration-security-bypass(39124)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124", }, { name: "29456", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29456", }, { name: "26928", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/26928", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2007-027.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-12-18T00:00:00", descriptions: [ { lang: "en", value: "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-15T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "28149", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/28149", }, { name: "29782", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29782", }, { name: "GLSA-200804-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { name: "29242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29242", }, { name: "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/485287/100/0/threaded", }, { name: "SUSE-SR:2008:005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "ADV-2007-4260", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/4260", }, { name: "DSA-1525", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1525", }, { name: "3467", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3467", }, { name: "39519", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/39519", }, { name: "1019110", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1019110", }, { name: "asterisk-registration-security-bypass(39124)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124", }, { name: "29456", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29456", }, { name: "26928", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/26928", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2007-027.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-6430", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "28149", refsource: "SECUNIA", url: "http://secunia.com/advisories/28149", }, { name: "29782", refsource: "SECUNIA", url: "http://secunia.com/advisories/29782", }, { name: "GLSA-200804-13", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { name: "29242", refsource: "SECUNIA", url: "http://secunia.com/advisories/29242", }, { name: "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/485287/100/0/threaded", }, { name: "SUSE-SR:2008:005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "ADV-2007-4260", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/4260", }, { name: "DSA-1525", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1525", }, { name: "3467", refsource: "SREASON", url: "http://securityreason.com/securityalert/3467", }, { name: "39519", refsource: "OSVDB", url: "http://www.osvdb.org/39519", }, { name: "1019110", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1019110", }, { name: "asterisk-registration-security-bypass(39124)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124", }, { name: "29456", refsource: "SECUNIA", url: "http://secunia.com/advisories/29456", }, { name: "26928", refsource: "BID", url: "http://www.securityfocus.com/bid/26928", }, { name: "http://downloads.digium.com/pub/security/AST-2007-027.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2007-027.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-6430", datePublished: "2007-12-20T02:00:00", dateReserved: "2007-12-18T00:00:00", dateUpdated: "2024-08-07T16:02:36.470Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1332
Vulnerability from cvelistv5
Published
2008-03-20 00:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:17:34.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SR:2008:010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html", }, { name: "29782", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29782", }, { name: "GLSA-200804-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-003.html", }, { name: "28310", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28310", }, { name: "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489818/100/0/threaded", }, { name: "DSA-1525", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1525", }, { name: "29426", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29426", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.asterisk.org/node/48466", }, { name: "FEDORA-2008-2554", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "1019629", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1019629", }, { name: "asterisk-sip-security-bypass(41308)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308", }, { name: "ADV-2008-0928", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0928", }, { name: "FEDORA-2008-2620", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "29957", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29957", }, { name: "29456", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29456", }, { name: "29470", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29470", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-18T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "SUSE-SR:2008:010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html", }, { name: "29782", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29782", }, { name: "GLSA-200804-13", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-003.html", }, { name: "28310", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28310", }, { name: "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489818/100/0/threaded", }, { name: "DSA-1525", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1525", }, { name: "29426", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29426", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.asterisk.org/node/48466", }, { name: "FEDORA-2008-2554", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "1019629", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1019629", }, { name: "asterisk-sip-security-bypass(41308)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308", }, { name: "ADV-2008-0928", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0928", }, { name: "FEDORA-2008-2620", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "29957", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29957", }, { name: "29456", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29456", }, { name: "29470", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29470", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1332", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "SUSE-SR:2008:010", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html", }, { name: "29782", refsource: "SECUNIA", url: "http://secunia.com/advisories/29782", }, { name: "GLSA-200804-13", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { name: "http://downloads.digium.com/pub/security/AST-2008-003.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-003.html", }, { name: "28310", refsource: "BID", url: "http://www.securityfocus.com/bid/28310", }, { name: "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/489818/100/0/threaded", }, { name: "DSA-1525", refsource: "DEBIAN", url: "http://www.debian.org/security/2008/dsa-1525", }, { name: "29426", refsource: "SECUNIA", url: "http://secunia.com/advisories/29426", }, { name: "http://www.asterisk.org/node/48466", refsource: "CONFIRM", url: "http://www.asterisk.org/node/48466", }, { name: "FEDORA-2008-2554", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "1019629", refsource: "SECTRACK", url: "http://securitytracker.com/id?1019629", }, { name: "asterisk-sip-security-bypass(41308)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308", }, { name: "ADV-2008-0928", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0928", }, { name: "FEDORA-2008-2620", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "29957", refsource: "SECUNIA", url: "http://secunia.com/advisories/29957", }, { name: "29456", refsource: "SECUNIA", url: "http://secunia.com/advisories/29456", }, { name: "29470", refsource: "SECUNIA", url: "http://secunia.com/advisories/29470", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1332", datePublished: "2008-03-20T00:00:00", dateReserved: "2008-03-13T00:00:00", dateUpdated: "2024-08-07T08:17:34.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3264
Vulnerability from cvelistv5
Published
2008-07-24 15:18
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1020536 | vdb-entry, x_refsource_SECTRACK | |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/31194 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2168/references | vdb-entry, x_refsource_VUPEN | |
| http://downloads.digium.com/pub/security/AST-2008-011.html | x_refsource_CONFIRM | |
| https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/31178 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43955 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30350 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/494676/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:28:41.869Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1020536", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020536", }, { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "31194", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31194", }, { name: "ADV-2008-2168", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2168/references", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-011.html", }, { name: "FEDORA-2008-6676", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html", }, { name: "31178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31178", }, { name: "asterisk-downloadprotocol-dos(43955)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955", }, { name: "30350", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30350", }, { name: "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/494676/100/0/threaded", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-18T00:00:00", descriptions: [ { lang: "en", value: "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1020536", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020536", }, { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "31194", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31194", }, { name: "ADV-2008-2168", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2168/references", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-011.html", }, { name: "FEDORA-2008-6676", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html", }, { name: "31178", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31178", }, { name: "asterisk-downloadprotocol-dos(43955)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955", }, { name: "30350", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30350", }, { name: "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/494676/100/0/threaded", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34982", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3264", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1020536", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020536", }, { name: "GLSA-200905-01", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "31194", refsource: "SECUNIA", url: "http://secunia.com/advisories/31194", }, { name: "ADV-2008-2168", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/2168/references", }, { name: "http://downloads.digium.com/pub/security/AST-2008-011.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-011.html", }, { name: "FEDORA-2008-6676", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html", }, { name: "31178", refsource: "SECUNIA", url: "http://secunia.com/advisories/31178", }, { name: "asterisk-downloadprotocol-dos(43955)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955", }, { name: "30350", refsource: "BID", url: "http://www.securityfocus.com/bid/30350", }, { name: "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/494676/100/0/threaded", }, { name: "34982", refsource: "SECUNIA", url: "http://secunia.com/advisories/34982", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3264", datePublished: "2008-07-24T15:18:00", dateReserved: "2008-07-22T00:00:00", dateUpdated: "2024-08-07T09:28:41.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1289
Vulnerability from cvelistv5
Published
2008-03-24 17:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:17:34.571Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "28308", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/28308", }, { name: "3763", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/3763", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://labs.musecurity.com/advisories/MU-200803-01.txt", }, { name: "asterisk-rtp-codecpayload-bo(41305)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305", }, { name: "1019628", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1019628", }, { name: "29426", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29426", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.asterisk.org/node/48466", }, { name: "FEDORA-2008-2554", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/489817/100/0/threaded", }, { name: "ADV-2008-0928", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/0928", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-002.html", }, { name: "FEDORA-2008-2620", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "asterisk-rtppayload-bo(41302)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302", }, { name: "29470", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/29470", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-03-18T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "28308", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/28308", }, { name: "3763", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/3763", }, { tags: [ "x_refsource_MISC", ], url: "http://labs.musecurity.com/advisories/MU-200803-01.txt", }, { name: "asterisk-rtp-codecpayload-bo(41305)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305", }, { name: "1019628", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1019628", }, { name: "29426", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29426", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.asterisk.org/node/48466", }, { name: "FEDORA-2008-2554", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/489817/100/0/threaded", }, { name: "ADV-2008-0928", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/0928", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-002.html", }, { name: "FEDORA-2008-2620", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "asterisk-rtppayload-bo(41302)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302", }, { name: "29470", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/29470", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1289", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "28308", refsource: "BID", url: "http://www.securityfocus.com/bid/28308", }, { name: "3763", refsource: "SREASON", url: "http://securityreason.com/securityalert/3763", }, { name: "http://labs.musecurity.com/advisories/MU-200803-01.txt", refsource: "MISC", url: "http://labs.musecurity.com/advisories/MU-200803-01.txt", }, { name: "asterisk-rtp-codecpayload-bo(41305)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305", }, { name: "1019628", refsource: "SECTRACK", url: "http://securitytracker.com/id?1019628", }, { name: "29426", refsource: "SECUNIA", url: "http://secunia.com/advisories/29426", }, { name: "http://www.asterisk.org/node/48466", refsource: "CONFIRM", url: "http://www.asterisk.org/node/48466", }, { name: "FEDORA-2008-2554", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { name: "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/489817/100/0/threaded", }, { name: "ADV-2008-0928", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0928", }, { name: "http://downloads.digium.com/pub/security/AST-2008-002.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-002.html", }, { name: "FEDORA-2008-2620", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { name: "asterisk-rtppayload-bo(41302)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302", }, { name: "29470", refsource: "SECUNIA", url: "http://secunia.com/advisories/29470", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1289", datePublished: "2008-03-24T17:00:00", dateReserved: "2008-03-12T00:00:00", dateUpdated: "2024-08-07T08:17:34.571Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-1923
Vulnerability from cvelistv5
Published
2008-04-23 16:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42049 | vdb-entry, x_refsource_XF | |
| http://downloads.digium.com/pub/security/AST-2008-006.html | x_refsource_CONFIRM | |
| http://bugs.digium.com/view.php?id=10078 | x_refsource_CONFIRM | |
| http://www.altsci.com/concepts/page.php?s=asteri&p=1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:41:00.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "asterisk-new-dos(42049)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.digium.com/view.php?id=10078", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.altsci.com/concepts/page.php?s=asteri&p=1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-04-22T00:00:00", descriptions: [ { lang: "en", value: "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "asterisk-new-dos(42049)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.digium.com/view.php?id=10078", }, { tags: [ "x_refsource_MISC", ], url: "http://www.altsci.com/concepts/page.php?s=asteri&p=1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-1923", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "asterisk-new-dos(42049)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049", }, { name: "http://downloads.digium.com/pub/security/AST-2008-006.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { name: "http://bugs.digium.com/view.php?id=10078", refsource: "CONFIRM", url: "http://bugs.digium.com/view.php?id=10078", }, { name: "http://www.altsci.com/concepts/page.php?s=asteri&p=1", refsource: "MISC", url: "http://www.altsci.com/concepts/page.php?s=asteri&p=1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-1923", datePublished: "2008-04-23T16:00:00", dateReserved: "2008-04-23T00:00:00", dateUpdated: "2024-08-07T08:41:00.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-0041
Vulnerability from cvelistv5
Published
2009-01-14 23:00
Modified
2024-08-07 04:17
Severity ?
EPSS score ?
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/archive/1/499884/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/33453 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4910 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/33174 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/37677 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1952 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securitytracker.com/id?1021549 | vdb-entry, x_refsource_SECTRACK | |
| http://downloads.digium.com/pub/security/AST-2009-001.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/0063 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T04:17:10.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "20090108 AST-2009-001: Information leak in IAX2 authentication", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/499884/100/0/threaded", }, { name: "33453", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33453", }, { name: "4910", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4910", }, { name: "33174", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/33174", }, { name: "37677", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37677", }, { name: "DSA-1952", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2009/dsa-1952", }, { name: "1021549", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021549", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2009-001.html", }, { name: "ADV-2009-0063", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0063", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-01-08T00:00:00", descriptions: [ { lang: "en", value: "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "20090108 AST-2009-001: Information leak in IAX2 authentication", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/499884/100/0/threaded", }, { name: "33453", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33453", }, { name: "4910", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4910", }, { name: "33174", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/33174", }, { name: "37677", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37677", }, { name: "DSA-1952", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2009/dsa-1952", }, { name: "1021549", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021549", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2009-001.html", }, { name: "ADV-2009-0063", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0063", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34982", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-0041", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-200905-01", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "20090108 AST-2009-001: Information leak in IAX2 authentication", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/499884/100/0/threaded", }, { name: "33453", refsource: "SECUNIA", url: "http://secunia.com/advisories/33453", }, { name: "4910", refsource: "SREASON", url: "http://securityreason.com/securityalert/4910", }, { name: "33174", refsource: "BID", url: "http://www.securityfocus.com/bid/33174", }, { name: "37677", refsource: "SECUNIA", url: "http://secunia.com/advisories/37677", }, { name: "DSA-1952", refsource: "DEBIAN", url: "http://www.debian.org/security/2009/dsa-1952", }, { name: "1021549", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021549", }, { name: "http://downloads.digium.com/pub/security/AST-2009-001.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2009-001.html", }, { name: "ADV-2009-0063", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/0063", }, { name: "34982", refsource: "SECUNIA", url: "http://secunia.com/advisories/34982", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-0041", datePublished: "2009-01-14T23:00:00", dateReserved: "2009-01-06T00:00:00", dateUpdated: "2024-08-07T04:17:10.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2119
Vulnerability from cvelistv5
Published
2008-06-04 19:17
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/30517 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.exploit-db.com/exploits/5749 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42823 | vdb-entry, x_refsource_XF | |
| http://bugs.digium.com/view.php?id=12607 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1020166 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/493020/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2008/1731 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA | |
| http://svn.digium.com/view/asterisk?view=rev&revision=120109 | x_refsource_CONFIRM | |
| http://downloads.digium.com/pub/security/AST-2008-008.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:49:58.663Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "30517", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30517", }, { name: "5749", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/5749", }, { name: "asterisk-asturidecode-dos(42823)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.digium.com/view.php?id=12607", }, { name: "1020166", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020166", }, { name: "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/493020/100/0/threaded", }, { name: "ADV-2008-1731", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1731", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34982", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://svn.digium.com/view/asterisk?view=rev&revision=120109", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-008.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-03T00:00:00", descriptions: [ { lang: "en", value: "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "30517", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30517", }, { name: "5749", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/5749", }, { name: "asterisk-asturidecode-dos(42823)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.digium.com/view.php?id=12607", }, { name: "1020166", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020166", }, { name: "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/493020/100/0/threaded", }, { name: "ADV-2008-1731", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1731", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34982", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://svn.digium.com/view/asterisk?view=rev&revision=120109", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-008.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2119", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-200905-01", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "30517", refsource: "SECUNIA", url: "http://secunia.com/advisories/30517", }, { name: "5749", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/5749", }, { name: "asterisk-asturidecode-dos(42823)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823", }, { name: "http://bugs.digium.com/view.php?id=12607", refsource: "CONFIRM", url: "http://bugs.digium.com/view.php?id=12607", }, { name: "1020166", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020166", }, { name: "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/493020/100/0/threaded", }, { name: "ADV-2008-1731", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1731", }, { name: "34982", refsource: "SECUNIA", url: "http://secunia.com/advisories/34982", }, { name: "http://svn.digium.com/view/asterisk?view=rev&revision=120109", refsource: "CONFIRM", url: "http://svn.digium.com/view/asterisk?view=rev&revision=120109", }, { name: "http://downloads.digium.com/pub/security/AST-2008-008.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-008.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2119", datePublished: "2008-06-04T19:17:00", dateReserved: "2008-05-08T00:00:00", dateUpdated: "2024-08-07T08:49:58.663Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-5558
Vulnerability from cvelistv5
Published
2008-12-17 17:00
Modified
2024-08-07 10:56
Severity ?
EPSS score ?
Summary
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/32773 | vdb-entry, x_refsource_BID | |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/32956 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/50675 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/4769 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/499117/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://downloads.digium.com/pub/security/AST-2008-012.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/3403 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1021378 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T10:56:47.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "32773", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/32773", }, { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "32956", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32956", }, { name: "50675", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/50675", }, { name: "4769", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4769", }, { name: "20081210 AST-2008-012: Remote crash vulnerability in IAX2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/499117/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://downloads.digium.com/pub/security/AST-2008-012.html", }, { name: "ADV-2008-3403", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/3403", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34982", }, { name: "1021378", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1021378", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-12-10T00:00:00", descriptions: [ { lang: "en", value: "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-11T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "32773", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/32773", }, { name: "GLSA-200905-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "32956", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32956", }, { name: "50675", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/50675", }, { name: "4769", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4769", }, { name: "20081210 AST-2008-012: Remote crash vulnerability in IAX2", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/499117/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://downloads.digium.com/pub/security/AST-2008-012.html", }, { name: "ADV-2008-3403", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/3403", }, { name: "34982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34982", }, { name: "1021378", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1021378", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-5558", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "32773", refsource: "BID", url: "http://www.securityfocus.com/bid/32773", }, { name: "GLSA-200905-01", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { name: "32956", refsource: "SECUNIA", url: "http://secunia.com/advisories/32956", }, { name: "50675", refsource: "OSVDB", url: "http://osvdb.org/50675", }, { name: "4769", refsource: "SREASON", url: "http://securityreason.com/securityalert/4769", }, { name: "20081210 AST-2008-012: Remote crash vulnerability in IAX2", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/499117/100/0/threaded", }, { name: "http://downloads.digium.com/pub/security/AST-2008-012.html", refsource: "CONFIRM", url: "http://downloads.digium.com/pub/security/AST-2008-012.html", }, { name: "ADV-2008-3403", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/3403", }, { name: "34982", refsource: "SECUNIA", url: "http://secunia.com/advisories/34982", }, { name: "1021378", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1021378", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-5558", datePublished: "2008-12-17T17:00:00", dateReserved: "2008-12-15T00:00:00", dateUpdated: "2024-08-07T10:56:47.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2008-03-24 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "593AA737-5AF3-4F7C-B74B-D3F37701C435", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "D942B911-979A-4AC3-93D6-07E420171E77", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "84CB8C4A-F001-4DD7-8DFE-CB082B4BB969", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "96DB0240-E93D-4BDB-859B-B44C91996993", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "0F4BA849-E092-404A-92CD-44C2D99AE971", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "2C7014B4-1860-49AD-9469-9954C3CC01C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "3D1F0056-0945-476C-982E-7B41EB420A99", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "A53DEC9D-B288-42CD-9387-57315AC98D72", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "89C1F33F-27B6-4C56-92FF-EB2861ABBC22", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "64E07CF3-073D-4705-96A6-13367D4F5CAA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "18D19CB0-E3D7-40DB-B0C0-B62BB6075267", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "77FB7CC1-BD0D-4F34-AB21-59CFD23C494C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "997FA3C7-1894-478A-ABF1-52DD2B0487E1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "96E02BE0-BF4A-46C9-AFB5-47E8F18E3D17", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "292190EE-D9C8-4E3A-BB34-0ECD7B865482", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "7DAC55F9-1D43-4AA8-87C9-DB165442700B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.17:*:*:*:*:*:*:*", matchCriteriaId: "195B012E-0538-4140-9035-F5D1A442778B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4.18.1:*:*:*:*:*:*:*", matchCriteriaId: "78AC03A7-41AB-45AF-AD89-291A7429B8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*", matchCriteriaId: "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.4_revision_95946:*:*:*:*:*:*:*", matchCriteriaId: "DB08F4FA-8600-4D21-A565-B3BF636634B4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:1.6:*:*:*:*:*:*:*", matchCriteriaId: "FEAE6729-D79A-49B8-9758-BA74A60A238A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", matchCriteriaId: "1C05B437-C292-4AA0-8AFE-1CA07CD80034", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", matchCriteriaId: "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", matchCriteriaId: "81DDF486-4185-48EE-869E-0AA6726C31F7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", matchCriteriaId: "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", matchCriteriaId: "C5757B9B-2759-439A-9A6D-CCDD6C8C8940", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", matchCriteriaId: "FCD71268-EAA2-477B-8AC4-DE4853A262B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", matchCriteriaId: "529B2115-A191-4F3F-8F8C-A38B7C45463A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*", matchCriteriaId: "7E2D0508-C418-48CE-BF83-39F893688D1C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*", matchCriteriaId: "5BC80EBD-14D3-44A6-A06F-0549722E0EFA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*", matchCriteriaId: "7859797F-E9AD-4429-BD2C-A24EC24A5D03", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", matchCriteriaId: "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", matchCriteriaId: "7A5A734E-1DD3-4924-8AC1-97048FA3270F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*", matchCriteriaId: "3AE2F09E-4B5A-4EDF-A48A-BCBBAA80156B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9320928D-D83C-4258-AF62-AB2D1F50D972", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "569084D1-977D-41FC-A444-0B3F5199DDD3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "02D182FB-761C-4F08-A776-B613FAC55230", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A7B5EDAB-61DD-4864-A159-39292D339DA2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.", }, { lang: "es", value: "El servidor AsteriskGUI HTTP en Asterisk Open Source 1.4.x antes de 1.4.19-rc3 y 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6, AsteriskNOW antes de 1.0.2, Appliance Developer Kit antes de la revisión 104704 y s800i 1.0.x antes de 1.1.0.2 genera valores ID de gestión no lo suficientemente aleatorios, lo que facilita a atacantes remotos secuestrar una sesión de gestión a través de una serie de adivinaciones de ID.", }, ], id: "CVE-2008-1390", lastModified: "2024-11-21T00:44:25.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-24T17:44:00.000", references: [ { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-005.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29449", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29470", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3764", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/489819/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28316", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1019679", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/489819/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1019679", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-01-08 02:46
Modified
2024-11-21 00:41
Severity ?
Summary
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | asterisk_appliance_developer_kit | * | |
| asterisk | asterisk_business_edition | * | |
| asterisk | asterisknow | * | |
| asterisk | open_source | * | |
| asterisk | s800i | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "0D6AD937-90F0-4359-85DD-038604F64D2D", versionEndIncluding: "1.4_revision_95945", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "526991C1-D07E-465C-A609-704C19F8096A", versionEndIncluding: "c.1.0beta7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", matchCriteriaId: "C896A32E-906D-4AD0-A00B-11DC064CBA6E", versionEndIncluding: "beta_6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "B2EF54E7-C4A1-474F-9D89-18E13F620F42", versionEndIncluding: "1.4.16", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", matchCriteriaId: "AFA6388A-09B4-4338-8228-3E27500DD521", versionEndIncluding: "1.0.3.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.", }, { lang: "es", value: "El controlador de canal SIP de Asterisk Open Source 1.4.x versiones anteriores a 1.4.17, Business Edition versiones anteriores a C.1.0-beta8, AsteriskNOW versiones anteriores a beta7, Appliance Developer Kit versiones anteriores a Asterisk 1.4 revision 95946, y Appliance s800i 1.0.x versiones anteriores a 1.0.3.4 permite a atacantes remotos provocar una denegación de servicio (cáida de demonio) mediante un mensaje BYE con una cabecera Also (tranfiere también), que dispara un referencia a puntero NULL.", }, ], id: "CVE-2008-0095", lastModified: "2024-11-21T00:41:09.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-01-08T02:46:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://bugs.digium.com/view.php?id=11637", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://downloads.digium.com/pub/security/AST-2008-001.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/28299", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/28312", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3520", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/485727/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/27110", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1019152", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/0019", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bugs.digium.com/view.php?id=11637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://downloads.digium.com/pub/security/AST-2008-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/28299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://secunia.com/advisories/28312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/485727/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://www.securityfocus.com/bid/27110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1019152", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-04 19:32
Modified
2024-11-21 00:46
Severity ?
Summary
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "366DB62C-2E86-4614-AD9D-90C2F21434CB", versionEndIncluding: "b2.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "802F8680-AB38-41AF-BFC8-F6927F6B1626", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BCAE8D90-B032-4C60-B487-BE655D00FFAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AB64A872-B7B8-46A8-81E4-49EDAC160531", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "21000270-C9B9-430C-A252-763887A15835", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "12F7CF45-5482-4947-8F1D-48C746987475", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7B64995D-7892-49AB-A89D-A5D15615C5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "0397DBD4-EA00-444A-9008-4932F99DF325", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E4956871-4DD3-4299-8BEB-9D98A4449A42", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8936B494-E647-498B-8380-AE4DAD458533", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "6CF7D9C2-C6B3-40E9-92B8-C504656BB176", versionEndIncluding: "1.2.28", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*", matchCriteriaId: "678DB154-4363-42FF-8B28-367923FC6595", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E8F2C378-FF0E-4765-9F66-625C4064D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A55A9295-F632-4856-90A1-38371EB98589", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7FAE6AF1-884D-41F7-B174-9E13C7719C99", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCA9E35B-9A6B-42F2-9315-9C7D09F62227", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DDF7EC20-A424-45E5-B7E4-3CC86075858C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C790E105-55C8-4CDC-9FA8-E1FF6F130A67", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "44C860EF-2B29-4995-B942-000CC43FDD14", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1ADB80EF-C724-44BA-88FC-24087799D0C6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "78B39BE8-7E2D-42DF-8633-44CAD5662777", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "F39036E3-0027-4C72-9DEB-9A6E2B4512C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "A037E6F9-3EF7-4EEB-AC16-081421BCE40D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*", matchCriteriaId: "7435F043-F92B-4635-93CC-A2C39AAE1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", matchCriteriaId: "C7B2F43B-8B69-4BF6-86B7-A225175FF068", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "27202966-2C41-4964-9497-1887D2A834C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "1A4B117B-E945-4033-A79D-10DFAA3DF18B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "6A59BC20-3217-4584-9196-D1CD9E0D6B52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", matchCriteriaId: "3C64DF29-5B3D-401E-885E-8E37FD577254", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "E9562112-2505-4F78-86DE-F30EFAEE47D5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", matchCriteriaId: "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.", }, { lang: "es", value: "Asterisk Open Source 1.0.x y 1.2.x anterior 1.2.29 y Business Edition A.x.x y B.x.x anterior B.2.5.3, cuando \"pedantic parsing\" (también conocido como pedanticsipchecking) está activado, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) a través de un mensaje SIP INVITE que carece de una cabecera From, relacionado con la invocación de la función ast_uri_decode y el manejo incorrecto de (1) una cadena const vacía y (2) un puntero NULL.", }, ], id: "CVE-2008-2119", lastModified: "2024-11-21T00:46:08.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-06-04T19:32:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.digium.com/view.php?id=12607", }, { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-008.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30517", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/34982", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "cve@mitre.org", url: "http://svn.digium.com/view/asterisk?view=rev&revision=120109", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/493020/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020166", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1731", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823", }, { source: "cve@mitre.org", url: "https://www.exploit-db.com/exploits/5749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.digium.com/view.php?id=12607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/34982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://svn.digium.com/view/asterisk?view=rev&revision=120109", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/493020/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1731", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/5749", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-12-20 02:46
Modified
2024-11-21 00:40
Severity ?
Summary
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "802F8680-AB38-41AF-BFC8-F6927F6B1626", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BCAE8D90-B032-4C60-B487-BE655D00FFAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AB64A872-B7B8-46A8-81E4-49EDAC160531", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "21000270-C9B9-430C-A252-763887A15835", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "12F7CF45-5482-4947-8F1D-48C746987475", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7B64995D-7892-49AB-A89D-A5D15615C5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "0397DBD4-EA00-444A-9008-4932F99DF325", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0beta7:*:*:*:*:*:*:*", matchCriteriaId: "34FAE6AC-1C98-42E0-A5D4-5EA17ED325A0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*", matchCriteriaId: "7435F043-F92B-4635-93CC-A2C39AAE1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", matchCriteriaId: "C7B2F43B-8B69-4BF6-86B7-A225175FF068", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5C14614F-4E27-40A6-9E56-2B1DBB10330B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7A2F2F5A-66FD-4057-917C-66332A88D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "295D4042-2D3C-481B-B969-2DDAC1161198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "99E9EE2A-56AD-42BC-8CB0-D34091849B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "96877A3E-B54B-4F31-B281-76CDC98B2D02", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "6D0B4503-42A6-4D88-954E-A662E91EC204", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A4B73813-BCD8-429E-B9B9-D6665E026BC5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9CBE2156-AF86-4C72-B33D-3FF83930F828", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "4A527277-D97D-4B74-906F-7481BDBD96D6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "D8B57A32-7B83-4783-A244-C26301970444", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "1C90F104-FA2C-4091-B149-1774AC982C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C9328768-7C08-4143-B5F8-F5C2D735D21A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "4BDE3D31-4BB2-45A3-B085-8C91152A3152", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "CE0107D4-395E-45F1-B963-7618CCC007D1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "53B8E11B-4984-45A8-A107-D276205988B0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*", matchCriteriaId: "2A8012CE-4D4B-4131-87E7-16D7907E3BB3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.", }, { lang: "es", value: "Asterisk Open Source 1.2.x anterior a 1.2.26 y 1.4.x anterior a 1.4.16, y Business Edition B.x.x anterior a B.2.3.6 y C.x.x anterior a C.1.0-beta8, cuando usa registros basados en base de datos (en tiempo real o \"realtime\") y autenticación basada en anfitrión (host-based), no comprueba la dirección IP cuando el nombre de usuario es correcto y no hay contraseña, lo cual permite a atacantes remotos evitar la autenticación usando un nombre de usuario válido.", }, ], id: "CVE-2007-6430", lastModified: "2024-11-21T00:40:08.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-12-20T02:46:00.000", references: [ { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2007-027.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/28149", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29242", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29456", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29782", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3467", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1525", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/39519", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/485287/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/26928", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.securitytracker.com/id?1019110", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2007/4260", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2007-027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/28149", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/39519", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/485287/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/26928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.securitytracker.com/id?1019110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2007/4260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-24 15:41
Modified
2024-11-21 00:48
Severity ?
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*", matchCriteriaId: "9282AC42-E98A-4BC2-B46D-15B5776C961F", vulnerable: false, }, { criteria: "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "83DBFD69-2500-46C1-827C-1493CF896F49", vulnerable: false, }, { criteria: "cpe:2.3:h:asterisk:s800i_appliance:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F53C8D19-507A-45B6-9B19-C733460F0739", vulnerable: false, }, { criteria: "cpe:2.3:h:asterisk:s800i_appliance:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "09AEF231-3438-420E-B2B0-1B876A929033", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", matchCriteriaId: "1C05B437-C292-4AA0-8AFE-1CA07CD80034", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", matchCriteriaId: "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", matchCriteriaId: "81DDF486-4185-48EE-869E-0AA6726C31F7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", matchCriteriaId: "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", matchCriteriaId: "C5757B9B-2759-439A-9A6D-CCDD6C8C8940", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E4548D39-0562-4946-AA51-A7C1A31AEE8E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", matchCriteriaId: "FCD71268-EAA2-477B-8AC4-DE4853A262B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", matchCriteriaId: "529B2115-A191-4F3F-8F8C-A38B7C45463A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*", matchCriteriaId: "313B3A38-8DEA-4D62-A1A4-0B6011E81870", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b:*:*:*:*:*:*:*", matchCriteriaId: "B24F3283-4809-40B1-8166-9D1C3A4C9104", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "802F8680-AB38-41AF-BFC8-F6927F6B1626", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BCAE8D90-B032-4C60-B487-BE655D00FFAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AB64A872-B7B8-46A8-81E4-49EDAC160531", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "21000270-C9B9-430C-A252-763887A15835", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "12F7CF45-5482-4947-8F1D-48C746987475", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7B64995D-7892-49AB-A89D-A5D15615C5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "0397DBD4-EA00-444A-9008-4932F99DF325", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*", matchCriteriaId: "D7203093-7209-4184-92CB-08AD73FAC379", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E4956871-4DD3-4299-8BEB-9D98A4449A42", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "0F04F844-79C4-41F3-9671-8B46460D0AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8936B494-E647-498B-8380-AE4DAD458533", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "1B234F33-5233-42A3-B95A-3A3558B4DDCE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c:*:*:*:*:*:*:*", matchCriteriaId: "4D47534E-8EBC-44B5-8770-65BBA7C3F3DF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*", matchCriteriaId: "5BC80EBD-14D3-44A6-A06F-0549722E0EFA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*", matchCriteriaId: "7859797F-E9AD-4429-BD2C-A24EC24A5D03", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E5C988FD-CFB9-4763-BE5A-B89FB3538FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "00A6DAD0-D4C3-4A58-A35A-991E04B50EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "6413B123-65DE-4483-A8A0-F5F30A809570", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "502AEBA1-2A6D-4367-86AB-F2948207FCA4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c1.8.1:*:*:*:*:*:*:*", matchCriteriaId: "93DA4919-A365-48B6-84D6-6A7D97941A13", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*", matchCriteriaId: "B12A09BE-1EE0-46D5-B3F0-E8847409A49A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*", matchCriteriaId: "7A5A734E-1DD3-4924-8AC1-97048FA3270F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:beta_7:*:*:*:*:*:*:*", matchCriteriaId: "3AE2F09E-4B5A-4EDF-A48A-BCBBAA80156B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:pre-release:*:*:*:*:*:*:*", matchCriteriaId: "F420EB4D-5B9C-4BBA-AAC5-5E0E83CD1F74", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*", matchCriteriaId: "678DB154-4363-42FF-8B28-367923FC6595", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E8F2C378-FF0E-4765-9F66-625C4064D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A55A9295-F632-4856-90A1-38371EB98589", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7FAE6AF1-884D-41F7-B174-9E13C7719C99", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCA9E35B-9A6B-42F2-9315-9C7D09F62227", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "89B1F293-4F0F-48FD-A1F1-1230B94D87D3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DDF7EC20-A424-45E5-B7E4-3CC86075858C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C790E105-55C8-4CDC-9FA8-E1FF6F130A67", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "44C860EF-2B29-4995-B942-000CC43FDD14", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1ADB80EF-C724-44BA-88FC-24087799D0C6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "78B39BE8-7E2D-42DF-8633-44CAD5662777", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "F39036E3-0027-4C72-9DEB-9A6E2B4512C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "A037E6F9-3EF7-4EEB-AC16-081421BCE40D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*", matchCriteriaId: "7435F043-F92B-4635-93CC-A2C39AAE1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", matchCriteriaId: "C7B2F43B-8B69-4BF6-86B7-A225175FF068", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "27202966-2C41-4964-9497-1887D2A834C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "107DA2D8-FE7C-4B70-856D-43D58B988694", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5C14614F-4E27-40A6-9E56-2B1DBB10330B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7A2F2F5A-66FD-4057-917C-66332A88D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "399B0206-B48B-46EF-8CA6-A6E5A2550B25", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*", matchCriteriaId: "6BD915CD-A7D3-4305-A6C0-290C648A226C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "1A4B117B-E945-4033-A79D-10DFAA3DF18B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "6A59BC20-3217-4584-9196-D1CD9E0D6B52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", matchCriteriaId: "3C64DF29-5B3D-401E-885E-8E37FD577254", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "E9562112-2505-4F78-86DE-F30EFAEE47D5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", matchCriteriaId: "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*", matchCriteriaId: "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*", matchCriteriaId: "51E5EB34-30AD-4E81-8BD4-4AB905E52B82", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "295D4042-2D3C-481B-B969-2DDAC1161198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "99E9EE2A-56AD-42BC-8CB0-D34091849B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "96877A3E-B54B-4F31-B281-76CDC98B2D02", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "6D0B4503-42A6-4D88-954E-A662E91EC204", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A4B73813-BCD8-429E-B9B9-D6665E026BC5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9CBE2156-AF86-4C72-B33D-3FF83930F828", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "61408884-FBBF-4D94-A552-F99AB46DCED6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "4A527277-D97D-4B74-906F-7481BDBD96D6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "D8B57A32-7B83-4783-A244-C26301970444", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", matchCriteriaId: "3477EC1A-9634-492C-B052-35770A9C9F4C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "1C90F104-FA2C-4091-B149-1774AC982C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C9328768-7C08-4143-B5F8-F5C2D735D21A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", matchCriteriaId: "6C04E2B3-094B-4828-A2FC-BB66244A9F73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "4BDE3D31-4BB2-45A3-B085-8C91152A3152", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "CE0107D4-395E-45F1-B963-7618CCC007D1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "53B8E11B-4984-45A8-A107-D276205988B0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "2495DB98-F923-4E60-86EC-2DBB7A98C90C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", matchCriteriaId: "E186D125-996E-4900-A2B8-5CDC8B5D5136", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", matchCriteriaId: "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*", matchCriteriaId: "88576385-EF03-408B-9775-B52E6AFFE48A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", matchCriteriaId: "1A838577-2BA1-4792-8B69-6FB07FFD7727", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*", matchCriteriaId: "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*", matchCriteriaId: "ED2BF36F-CF10-4F24-970B-3D0BB7561C81", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*", matchCriteriaId: "FB1593E1-BF21-4DB9-A18E-9F221F3F9022", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19_rc3:*:*:*:*:*:*:*", matchCriteriaId: "2D41604A-21CB-4EF3-85E8-8CD170C8013F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4_revision_95946:*:*:*:*:*:*:*", matchCriteriaId: "E3C6272B-D0C4-4EA5-AEE4-5A45DAA2DDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*", matchCriteriaId: "2A8012CE-4D4B-4131-87E7-16D7907E3BB3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.", }, { lang: "es", value: "La implementación FWDOWNL firmware-download en Asterisk Open Source 1.0.x, 1.2.x antes de 1.2.30 y 1.4.x antes de 1.4.21.2; Business Edition A.x.x, B.x.x antes de B.2.5.4 y C.x.x antes de C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; y s800i 1.0.x antes de 1.2.0.1 permite a atacantes remotos provocar una denegación de servicio (amplificación del tráfico) mediante una petición IAX2 FWDOWNL.", }, ], id: "CVE-2008-3264", lastModified: "2024-11-21T00:48:50.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-07-24T15:41:00.000", references: [ { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-011.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31178", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/31194", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/34982", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/494676/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30350", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020536", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/2168/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/31178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/31194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/34982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/494676/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30350", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020536", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/2168/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-24 17:44
Modified
2024-11-21 00:44
Severity ?
Summary
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | asterisk_appliance_developer_kit | 1.4 | |
| asterisk | asterisk_business_edition | * | |
| asterisk | asterisk_business_edition | * | |
| asterisk | asterisknow | * | |
| asterisk | open_source | * | |
| asterisk | open_source | * | |
| asterisk | open_source | * | |
| asterisk | s800i | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.4:*:*:*:*:*:*:*", matchCriteriaId: "7E2D0508-C418-48CE-BF83-39F893688D1C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "1A80C0F3-F3F0-4BC6-92F8-131F3F875E34", versionEndIncluding: "c.1.0-beta8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "526991C1-D07E-465C-A609-704C19F8096A", versionEndIncluding: "c.1.0beta7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", matchCriteriaId: "B7C58E6B-AECC-48AF-8059-61772690776A", versionEndIncluding: "1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "E7F13399-5084-40FA-A4AB-D78ED588E434", versionEndIncluding: "1.4.18", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:rc-2:*:*:*:*:*:*", matchCriteriaId: "F4AB8D8F-15AC-4516-85A2-B5D2B5B3DF04", versionEndIncluding: "1.4.19", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "53B339C1-272B-4A7E-A342-8BBD9DC82826", versionEndIncluding: "1.6.0_beta5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", matchCriteriaId: "6D1E04DC-AE6A-4536-8E45-36494E51B036", versionEndIncluding: "1.1.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en Asterisk Open Source 1.4.x antes de 1.4.18.1 y 1.4.19-rc3, Open Source 1.6.x antes de 1.6.0-beta6, Business Edition C.x.x antes de C.1.6.1, AsteriskNOW 1.0.x antes de 1.0.2, Appliance Developer Kit antes de 1.4 revisión 109386 y s800i 1.1.x antes de 1.1.0.2 permite a atacantes remotos (1) escribir un cero en una posición de memoria de su elección a través de un número de carga útil (payload) RTP grande, relacionada con la función ast_rtp_unset_m_type en main/rtp.c; o (2) escribir ciertos enteros en una posición de memoria de su elección a través de un número grande de cargas útiles RTP, relacionadas con la función process_sdp en channels/chan_sip.c.", }, ], id: "CVE-2008-1289", lastModified: "2024-11-21T00:44:10.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-03-24T17:44:00.000", references: [ { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-002.html", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://labs.musecurity.com/advisories/MU-200803-01.txt", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29426", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/29470", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/3763", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1019628", }, { source: "cve@mitre.org", url: "http://www.asterisk.org/node/48466", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/489817/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/28308", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/0928", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://labs.musecurity.com/advisories/MU-200803-01.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29426", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/29470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/3763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1019628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.asterisk.org/node/48466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/489817/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/28308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-12-17 17:30
Modified
2024-11-21 00:54
Severity ?
Summary
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asterisk | asterisk_business_edition | b.2.3.4 | |
| asterisk | asterisk_business_edition | b.2.3.5 | |
| asterisk | asterisk_business_edition | b.2.5.0 | |
| asterisk | asterisk_business_edition | b.2.5.1 | |
| asterisk | asterisk_business_edition | b.2.5.3 | |
| asterisk | open_source | 1.2.26 | |
| asterisk | open_source | 1.2.26 | |
| asterisk | open_source | 1.2.26.1 | |
| asterisk | open_source | 1.2.26.1 | |
| asterisk | open_source | 1.2.26.2 | |
| asterisk | open_source | 1.2.26.2 | |
| asterisk | open_source | 1.2.27 | |
| asterisk | open_source | 1.2.28 | |
| asterisk | open_source | 1.2.29 | |
| asterisk | open_source | 1.2.30 | |
| asterisk | open_source | 1.2.30.2 | |
| asterisk | open_source | 1.2.30.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*", matchCriteriaId: "BB3C2CF4-4A4B-4398-92DC-EAE43801D08A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E4956871-4DD3-4299-8BEB-9D98A4449A42", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "F796D547-034A-46FB-B245-3863C198AA84", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "0F04F844-79C4-41F3-9671-8B46460D0AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "E9562112-2505-4F78-86DE-F30EFAEE47D5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*", matchCriteriaId: "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*", matchCriteriaId: "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*", matchCriteriaId: "72375576-F857-4585-A677-A326D89A65B5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", matchCriteriaId: "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*", matchCriteriaId: "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*", matchCriteriaId: "51E5EB34-30AD-4E81-8BD4-4AB905E52B82", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*", matchCriteriaId: "4359322B-08D0-4710-A9C3-54BD4A17B800", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*", matchCriteriaId: "78F84DF4-DBA7-430C-AF17-F52024EF80D7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*", matchCriteriaId: "34266614-3588-485C-A609-37823F8499AC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.", }, { lang: "es", value: "Asterisk Open Source 1.2.26 hasta 1.2.30.3 y Business Edition B.2.3.5 hasta B.2.5.5, cuando los usuarios realtime IAX2 son habilitados, permite a los atacantes remotos causar una denegación de servicio (caída) a través de intentos de autenticación relativos a (1) usuarios desconocidos o (2) usuarios que usan hostname coincidentes.", }, ], id: "CVE-2008-5558", lastModified: "2024-11-21T00:54:20.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-12-17T17:30:00.407", references: [ { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-012.html", }, { source: "cve@mitre.org", url: "http://osvdb.org/50675", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32956", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/34982", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/4769", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/499117/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/32773", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1021378", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/3403", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/50675", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/32956", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/34982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/499117/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/32773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/3403", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-04-23 16:05
Modified
2024-11-21 00:45
Severity ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", matchCriteriaId: "1C05B437-C292-4AA0-8AFE-1CA07CD80034", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", matchCriteriaId: "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", matchCriteriaId: "81DDF486-4185-48EE-869E-0AA6726C31F7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", matchCriteriaId: "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", matchCriteriaId: "C5757B9B-2759-439A-9A6D-CCDD6C8C8940", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E4548D39-0562-4946-AA51-A7C1A31AEE8E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", matchCriteriaId: "FCD71268-EAA2-477B-8AC4-DE4853A262B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", matchCriteriaId: "529B2115-A191-4F3F-8F8C-A38B7C45463A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "3097291D-BBBB-4C69-8909-D6F7AC622B5D", versionEndIncluding: "b.2.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "267F32ED-B9E4-4454-99C1-F445E52EE96F", versionEndIncluding: "c1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*", matchCriteriaId: "313B3A38-8DEA-4D62-A1A4-0B6011E81870", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "802F8680-AB38-41AF-BFC8-F6927F6B1626", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BCAE8D90-B032-4C60-B487-BE655D00FFAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AB64A872-B7B8-46A8-81E4-49EDAC160531", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "21000270-C9B9-430C-A252-763887A15835", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "12F7CF45-5482-4947-8F1D-48C746987475", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7B64995D-7892-49AB-A89D-A5D15615C5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "0397DBD4-EA00-444A-9008-4932F99DF325", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*", matchCriteriaId: "D7203093-7209-4184-92CB-08AD73FAC379", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E4956871-4DD3-4299-8BEB-9D98A4449A42", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7:*:*:*:*:*:*", matchCriteriaId: "F981A428-E7F3-4DE5-91DC-60A1C5C6C6EF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta8:*:*:*:*:*:*", matchCriteriaId: "AF94C93A-723D-4DC5-9342-F091C8C6FF7E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E5C988FD-CFB9-4763-BE5A-B89FB3538FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "00A6DAD0-D4C3-4A58-A35A-991E04B50EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.2:*:*:*:*:*:*:*", matchCriteriaId: "6413B123-65DE-4483-A8A0-F5F30A809570", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", matchCriteriaId: "272DE03B-1470-45FF-A31B-2CE44A8E8378", versionEndIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0D8AB81C-3DCF-42E9-8022-2F7135022C73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "BB10847E-585B-492B-A174-4D1C14755E0E", versionEndIncluding: "1.2.27", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "6BD2F115-4614-4E25-8902-356EEC966E8E", versionEndIncluding: "1.4.19", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*", matchCriteriaId: "678DB154-4363-42FF-8B28-367923FC6595", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:rc1:*:*:*:*:*:*", matchCriteriaId: "0B41BC83-3AE3-4C89-A682-E24A4EFF9605", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:rc2:*:*:*:*:*:*", matchCriteriaId: "98F2FE25-8CDA-4D6D-884B-82C4D90F7FED", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E8F2C378-FF0E-4765-9F66-625C4064D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A55A9295-F632-4856-90A1-38371EB98589", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7FAE6AF1-884D-41F7-B174-9E13C7719C99", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCA9E35B-9A6B-42F2-9315-9C7D09F62227", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "89B1F293-4F0F-48FD-A1F1-1230B94D87D3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DDF7EC20-A424-45E5-B7E4-3CC86075858C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C790E105-55C8-4CDC-9FA8-E1FF6F130A67", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "44C860EF-2B29-4995-B942-000CC43FDD14", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1ADB80EF-C724-44BA-88FC-24087799D0C6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "78B39BE8-7E2D-42DF-8633-44CAD5662777", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "F39036E3-0027-4C72-9DEB-9A6E2B4512C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "A037E6F9-3EF7-4EEB-AC16-081421BCE40D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11:patch:*:*:*:*:*:*", matchCriteriaId: "A553D442-A573-4A60-8514-3C70F651756D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11.1:patch:*:*:*:*:*:*", matchCriteriaId: "2395C742-D9FE-466F-BC97-67A846539121", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.12:patch:*:*:*:*:*:*", matchCriteriaId: "58487C69-86C0-4736-BC90-4292AF8E3DB4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*", matchCriteriaId: "E62D108C-862D-4BDB-BE37-285AA4C9C59A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*", matchCriteriaId: "CF1422F3-829D-498C-83A6-02989DFB70A7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CBEB9D69-A404-4053-92F9-CAC3481AFF1B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*", matchCriteriaId: "E816CCDB-4169-4F09-AE87-E467F4BE7685", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "27202966-2C41-4964-9497-1887D2A834C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*", matchCriteriaId: "65223182-1675-462C-AF67-4A48760A63F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*", matchCriteriaId: "DC7EB4CD-6436-4E0B-A620-9DF2AC8A3C66", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "107DA2D8-FE7C-4B70-856D-43D58B988694", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.4:netsec:*:*:*:*:*:*", matchCriteriaId: "02D5E6DF-7C9C-479F-986B-D5C8A144ACB8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:netsec:*:*:*:*:*:*", matchCriteriaId: "68AF6200-1385-449F-A00E-2BACEE16450B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5C14614F-4E27-40A6-9E56-2B1DBB10330B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:netsec:*:*:*:*:*:*", matchCriteriaId: "61C0769F-6739-41D2-ADD8-924AC04C5F28", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7A2F2F5A-66FD-4057-917C-66332A88D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:netsec:*:*:*:*:*:*", matchCriteriaId: "8EF13987-5767-4FED-9584-63D74B0A30A1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "399B0206-B48B-46EF-8CA6-A6E5A2550B25", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7.1:netsec:*:*:*:*:*:*", matchCriteriaId: "C57C1324-E11A-4B2B-9722-A4A63AEF0497", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:netsec:*:*:*:*:*:*", matchCriteriaId: "EE6D9718-D57D-48F6-A2B1-CECAFFCDDFB8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*", matchCriteriaId: "6BD915CD-A7D3-4305-A6C0-290C648A226C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9.1:netsec:*:*:*:*:*:*", matchCriteriaId: "3249AB40-2058-42E9-9A33-64E434E5BB64", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*", matchCriteriaId: "0CF6584D-A7BB-4BD5-8232-9293FEE4A971", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*", matchCriteriaId: "174D6B56-7D0F-46F0-849A-FD05CB348FAC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*", matchCriteriaId: "938F545A-F8A7-455E-8E5A-2B5454B6CE53", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "1A4B117B-E945-4033-A79D-10DFAA3DF18B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*", matchCriteriaId: "E7C0897A-C841-4AAB-A6B3-1FCF7A99A60A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*", matchCriteriaId: "B2BAA1B3-7DD3-4248-915D-2BCC0ACFA2C2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*", matchCriteriaId: "21612C17-7368-4108-B55B-5AB5CA6733E4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*", matchCriteriaId: "8A0D57D7-15AD-4CDF-A5A7-AB83F8E6154E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*", matchCriteriaId: "06DB25C8-4EA5-465F-8EFA-BCA8D40F1795", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*", matchCriteriaId: "A149F8C2-3DA5-44B2-A288-3482F3975824", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*", matchCriteriaId: "9462B320-B69D-409D-8DCC-D8D6CA1A757D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*", matchCriteriaId: "ECCCBAE9-8FD4-43F0-9EF8-56E9BBA3D8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "6A59BC20-3217-4584-9196-D1CD9E0D6B52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*", matchCriteriaId: "BEA0014A-659B-4533-A393-6D4ADC80EB0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*", matchCriteriaId: "8F1621F9-7C84-4CF0-BBCD-CEAEE8683BAA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", matchCriteriaId: "3C64DF29-5B3D-401E-885E-8E37FD577254", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*", matchCriteriaId: "346C9F65-B5FB-4A75-8E1B-137112F270D2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*", matchCriteriaId: "7EFEE380-0C64-4413-AF3A-45ABC8833500", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*", matchCriteriaId: "8CA18FC6-1480-400E-A885-8CDAE45AA7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*", matchCriteriaId: "93741261-378B-4C02-8D68-0E5F39128375", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*", matchCriteriaId: "07CF9DD6-B624-49F0-A8E4-7EBCE7932BEE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "E9562112-2505-4F78-86DE-F30EFAEE47D5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*", matchCriteriaId: "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*", matchCriteriaId: "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*", matchCriteriaId: "72375576-F857-4585-A677-A326D89A65B5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", matchCriteriaId: "40850BF4-E252-4667-9B46-9B6FEF6E997D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", matchCriteriaId: "1BB01DD1-B29B-4210-88CC-9ADB3148A410", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", matchCriteriaId: "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "295D4042-2D3C-481B-B969-2DDAC1161198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", matchCriteriaId: "3477EC1A-9634-492C-B052-35770A9C9F4C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "1C90F104-FA2C-4091-B149-1774AC982C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C9328768-7C08-4143-B5F8-F5C2D735D21A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", matchCriteriaId: "6C04E2B3-094B-4828-A2FC-BB66244A9F73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "4BDE3D31-4BB2-45A3-B085-8C91152A3152", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "CE0107D4-395E-45F1-B963-7618CCC007D1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "53B8E11B-4984-45A8-A107-D276205988B0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "2495DB98-F923-4E60-86EC-2DBB7A98C90C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", matchCriteriaId: "E186D125-996E-4900-A2B8-5CDC8B5D5136", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", matchCriteriaId: "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*", matchCriteriaId: "88576385-EF03-408B-9775-B52E6AFFE48A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", matchCriteriaId: "1A838577-2BA1-4792-8B69-6FB07FFD7727", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*", matchCriteriaId: "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", matchCriteriaId: "15C01793-C5D3-4359-B332-A8A104832370", versionEndIncluding: "1.1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9320928D-D83C-4258-AF62-AB2D1F50D972", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "569084D1-977D-41FC-A444-0B3F5199DDD3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "02D182FB-761C-4F08-A776-B613FAC55230", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "C9046D49-6878-4571-8B9E-2FBD5BA80D19", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A7B5EDAB-61DD-4864-A159-39292D339DA2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "101DFEFB-7627-4D36-AAA2-EDFB4D0E5AB5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.", }, { lang: "es", value: "El driver del canal IAX2 (chan_iax2) en Asterisk Open Source 1.0.x, 1.2.x anteriores a 1.2.28 y 1.4.x anteriores a 1.4.19.1; Business Edition A.x.x, B.x.x anteriores a B.2.5.2 y C.x.x anteriores a C.1.8.1; AsteriskNOW anteriores a 1.0.3; Apliance Developer Kit 0.x.x y s800i anterior a la 1.1.0.3, cuando está configurado para permitir llamadas no autenticadas, no verifica que una respuesta ACK contenga un número que coincida con el de respuesta del servidor a un NUEVO mensaje, que puede permitir a los atacantes provocar una denegación de servicio (amplificación del tráfico) a través de una respuesta ACK falseada, que no complete la negociación de 3 pasos. NOTA: Este problema existe debido a una correción incompleto para CVE-2008-1923", }, ], id: "CVE-2008-1897", lastModified: "2024-11-21T00:45:36.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-04-23T16:05:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.digium.com/view.php?id=10078", }, { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29927", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30010", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30042", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/34982", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "cve@mitre.org", url: "http://www.altsci.com/concepts/page.php?s=asteri&p=2", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1563", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/491220/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28901", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1019918", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1324", }, { source: "cve@mitre.org", url: "https://downloads.asterisk.org/pub/security/AST-2008-006.html", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966", }, { source: "cve@mitre.org", url: "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e", }, { source: "cve@mitre.org", url: "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90", }, { source: "cve@mitre.org", url: "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2", }, { source: "cve@mitre.org", url: "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb", }, { source: "cve@mitre.org", url: "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653", }, { source: "cve@mitre.org", url: "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b", }, { source: "cve@mitre.org", url: "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6", }, { source: "cve@mitre.org", url: "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7", }, { source: "cve@mitre.org", url: "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a", }, { source: "cve@mitre.org", url: "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.digium.com/view.php?id=10078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/34982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.altsci.com/concepts/page.php?s=asteri&p=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1563", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/491220/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28901", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1019918", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://downloads.asterisk.org/pub/security/AST-2008-006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-04-23 16:05
Modified
2024-11-21 00:45
Severity ?
Summary
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "2140AF01-7079-4433-AF28-45E767E59AD6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "C58BA442-8E36-492B-9700-B20B469190F4", versionEndIncluding: "b2.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "267F32ED-B9E4-4454-99C1-F445E52EE96F", versionEndIncluding: "c1.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*", matchCriteriaId: "313B3A38-8DEA-4D62-A1A4-0B6011E81870", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "802F8680-AB38-41AF-BFC8-F6927F6B1626", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BCAE8D90-B032-4C60-B487-BE655D00FFAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AB64A872-B7B8-46A8-81E4-49EDAC160531", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "21000270-C9B9-430C-A252-763887A15835", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "12F7CF45-5482-4947-8F1D-48C746987475", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7B64995D-7892-49AB-A89D-A5D15615C5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "0397DBD4-EA00-444A-9008-4932F99DF325", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E4956871-4DD3-4299-8BEB-9D98A4449A42", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta7:*:*:*:*:*:*:*", matchCriteriaId: "5BC80EBD-14D3-44A6-A06F-0549722E0EFA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0-beta8:*:*:*:*:*:*:*", matchCriteriaId: "7859797F-E9AD-4429-BD2C-A24EC24A5D03", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0beta7:*:*:*:*:*:*:*", matchCriteriaId: "34FAE6AC-1C98-42E0-A5D4-5EA17ED325A0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.6.1:*:*:*:*:*:*:*", matchCriteriaId: "00A6DAD0-D4C3-4A58-A35A-991E04B50EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", matchCriteriaId: "272DE03B-1470-45FF-A31B-2CE44A8E8378", versionEndIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0D8AB81C-3DCF-42E9-8022-2F7135022C73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*", matchCriteriaId: "678DB154-4363-42FF-8B28-367923FC6595", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E8F2C378-FF0E-4765-9F66-625C4064D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A55A9295-F632-4856-90A1-38371EB98589", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7FAE6AF1-884D-41F7-B174-9E13C7719C99", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCA9E35B-9A6B-42F2-9315-9C7D09F62227", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DDF7EC20-A424-45E5-B7E4-3CC86075858C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C790E105-55C8-4CDC-9FA8-E1FF6F130A67", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "44C860EF-2B29-4995-B942-000CC43FDD14", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1ADB80EF-C724-44BA-88FC-24087799D0C6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "78B39BE8-7E2D-42DF-8633-44CAD5662777", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "F39036E3-0027-4C72-9DEB-9A6E2B4512C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "A037E6F9-3EF7-4EEB-AC16-081421BCE40D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "27202966-2C41-4964-9497-1887D2A834C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*", matchCriteriaId: "DC7EB4CD-6436-4E0B-A620-9DF2AC8A3C66", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "107DA2D8-FE7C-4B70-856D-43D58B988694", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.4:netsec:*:*:*:*:*:*", matchCriteriaId: "02D5E6DF-7C9C-479F-986B-D5C8A144ACB8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:netsec:*:*:*:*:*:*", matchCriteriaId: "68AF6200-1385-449F-A00E-2BACEE16450B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5C14614F-4E27-40A6-9E56-2B1DBB10330B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:netsec:*:*:*:*:*:*", matchCriteriaId: "61C0769F-6739-41D2-ADD8-924AC04C5F28", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7A2F2F5A-66FD-4057-917C-66332A88D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:netsec:*:*:*:*:*:*", matchCriteriaId: "8EF13987-5767-4FED-9584-63D74B0A30A1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "399B0206-B48B-46EF-8CA6-A6E5A2550B25", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7.1:netsec:*:*:*:*:*:*", matchCriteriaId: "C57C1324-E11A-4B2B-9722-A4A63AEF0497", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:netsec:*:*:*:*:*:*", matchCriteriaId: "EE6D9718-D57D-48F6-A2B1-CECAFFCDDFB8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*", matchCriteriaId: "6BD915CD-A7D3-4305-A6C0-290C648A226C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9.1:netsec:*:*:*:*:*:*", matchCriteriaId: "3249AB40-2058-42E9-9A33-64E434E5BB64", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*", matchCriteriaId: "0CF6584D-A7BB-4BD5-8232-9293FEE4A971", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*", matchCriteriaId: "174D6B56-7D0F-46F0-849A-FD05CB348FAC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*", matchCriteriaId: "938F545A-F8A7-455E-8E5A-2B5454B6CE53", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "1A4B117B-E945-4033-A79D-10DFAA3DF18B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*", matchCriteriaId: "B2BAA1B3-7DD3-4248-915D-2BCC0ACFA2C2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*", matchCriteriaId: "21612C17-7368-4108-B55B-5AB5CA6733E4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*", matchCriteriaId: "8A0D57D7-15AD-4CDF-A5A7-AB83F8E6154E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*", matchCriteriaId: "06DB25C8-4EA5-465F-8EFA-BCA8D40F1795", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*", matchCriteriaId: "A149F8C2-3DA5-44B2-A288-3482F3975824", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*", matchCriteriaId: "9462B320-B69D-409D-8DCC-D8D6CA1A757D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*", matchCriteriaId: "ECCCBAE9-8FD4-43F0-9EF8-56E9BBA3D8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "6A59BC20-3217-4584-9196-D1CD9E0D6B52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*", matchCriteriaId: "BEA0014A-659B-4533-A393-6D4ADC80EB0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*", matchCriteriaId: "8F1621F9-7C84-4CF0-BBCD-CEAEE8683BAA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", matchCriteriaId: "3C64DF29-5B3D-401E-885E-8E37FD577254", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*", matchCriteriaId: "346C9F65-B5FB-4A75-8E1B-137112F270D2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*", matchCriteriaId: "7EFEE380-0C64-4413-AF3A-45ABC8833500", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*", matchCriteriaId: "8CA18FC6-1480-400E-A885-8CDAE45AA7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*", matchCriteriaId: "93741261-378B-4C02-8D68-0E5F39128375", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*", matchCriteriaId: "07CF9DD6-B624-49F0-A8E4-7EBCE7932BEE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "E9562112-2505-4F78-86DE-F30EFAEE47D5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*", matchCriteriaId: "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*", matchCriteriaId: "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*", matchCriteriaId: "72375576-F857-4585-A677-A326D89A65B5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", matchCriteriaId: "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*", matchCriteriaId: "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", matchCriteriaId: "40850BF4-E252-4667-9B46-9B6FEF6E997D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", matchCriteriaId: "1BB01DD1-B29B-4210-88CC-9ADB3148A410", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", matchCriteriaId: "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "295D4042-2D3C-481B-B969-2DDAC1161198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "99E9EE2A-56AD-42BC-8CB0-D34091849B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "96877A3E-B54B-4F31-B281-76CDC98B2D02", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "6D0B4503-42A6-4D88-954E-A662E91EC204", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A4B73813-BCD8-429E-B9B9-D6665E026BC5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9CBE2156-AF86-4C72-B33D-3FF83930F828", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "61408884-FBBF-4D94-A552-F99AB46DCED6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "4A527277-D97D-4B74-906F-7481BDBD96D6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "D8B57A32-7B83-4783-A244-C26301970444", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", matchCriteriaId: "3477EC1A-9634-492C-B052-35770A9C9F4C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "1C90F104-FA2C-4091-B149-1774AC982C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C9328768-7C08-4143-B5F8-F5C2D735D21A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", matchCriteriaId: "6C04E2B3-094B-4828-A2FC-BB66244A9F73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "4BDE3D31-4BB2-45A3-B085-8C91152A3152", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "CE0107D4-395E-45F1-B963-7618CCC007D1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "53B8E11B-4984-45A8-A107-D276205988B0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "2495DB98-F923-4E60-86EC-2DBB7A98C90C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", matchCriteriaId: "E186D125-996E-4900-A2B8-5CDC8B5D5136", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", matchCriteriaId: "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*", matchCriteriaId: "88576385-EF03-408B-9775-B52E6AFFE48A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", matchCriteriaId: "1A838577-2BA1-4792-8B69-6FB07FFD7727", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*", matchCriteriaId: "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:*", matchCriteriaId: "BFC1BB05-15C6-4829-86EB-5B1BFA4B5B17", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:*", matchCriteriaId: "AB77E88B-7233-4979-914E-24E671C1FB23", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*", matchCriteriaId: "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:*", matchCriteriaId: "1CCF9CAE-674A-4833-9D5C-FCBD865BE9F6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", matchCriteriaId: "15C01793-C5D3-4359-B332-A8A104832370", versionEndIncluding: "1.1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9320928D-D83C-4258-AF62-AB2D1F50D972", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "569084D1-977D-41FC-A444-0B3F5199DDD3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "02D182FB-761C-4F08-A776-B613FAC55230", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "C9046D49-6878-4571-8B9E-2FBD5BA80D19", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A7B5EDAB-61DD-4864-A159-39292D339DA2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "101DFEFB-7627-4D36-AAA2-EDFB4D0E5AB5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.", }, { lang: "es", value: "El IAX2 channel driver (chan_iax2) en Asterisk 1.2 anterior a la revisión 72630 y 1.4 anterior a la revisión 65679, cuando está configurado para permitir llamadas sin autenticación, envía \"early audio\" a una IP sin verificar de un mensaje NEW, lo que permite a atacantes remotos provocar una denegación de servicio (amplificación del tráfico) a través de un mensaje NEW falseado.", }, ], id: "CVE-2008-1923", lastModified: "2024-11-21T00:45:40.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-04-23T16:05:00.000", references: [ { source: "cve@mitre.org", url: "http://bugs.digium.com/view.php?id=10078", }, { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { source: "cve@mitre.org", url: "http://www.altsci.com/concepts/page.php?s=asteri&p=1", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.digium.com/view.php?id=10078", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2008-006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.altsci.com/concepts/page.php?s=asteri&p=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-16", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-03-20 00:44
Modified
2024-11-21 00:44
Severity ?
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*", matchCriteriaId: "C6702046-43CF-4C84-9F76-24716C9F7D20", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*", matchCriteriaId: "524CF00B-1B36-4C1F-80B4-28349891669B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*", matchCriteriaId: "2942FA48-42CE-4E67-A5BF-7852652EDE28", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*", matchCriteriaId: "4160A834-9194-474C-819B-60627E470D13", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.2.1:*:business:*:*:*:*:*", matchCriteriaId: "D81F6E55-80F1-4770-9FF0-305EEEF3C4E4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.3.1:*:business:*:*:*:*:*", matchCriteriaId: "087DC9EC-0DF2-48AE-BB62-8DDF95C3EC56", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.3.2:*:business:*:*:*:*:*", matchCriteriaId: "471032A5-5EB6-44D1-91C8-BEA42C1E205A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.3.3:*:business:*:*:*:*:*", matchCriteriaId: "6FEB3FCA-065E-4C32-A4C7-F2C79F214F17", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.3.4:*:business:*:*:*:*:*", matchCriteriaId: "636D765F-C47B-4762-9419-D7B51FA38AEE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.3.5:*:business:*:*:*:*:*", matchCriteriaId: "36F29EE8-E05F-4F0A-B0FA-66C551856C3A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:b.2.3.6:*:business:*:*:*:*:*", matchCriteriaId: "CEAA72FE-E13C-4363-AF5C-7D1CEEE2FA77", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:c.1.0_beta7:*:business:*:*:*:*:*", matchCriteriaId: "D0A87D63-35F5-47D7-893B-E8B179B16C3A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:c.1.0_beta8:*:business:*:*:*:*:*", matchCriteriaId: "95C1809E-9031-483F-B873-160284FA71D7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:c.1.6:*:business:*:*:*:*:*", matchCriteriaId: "E35C336A-A786-476B-8B9F-E682D999B6AA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk:c.1.6.1:*:business:*:*:*:*:*", matchCriteriaId: "8121721B-EBC6-44EA-86D6-7B0FF1C8FF52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "DEF22BFB-2B22-4FBE-AE35-D7BC2A461865", versionEndIncluding: "1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.2:*:*:*:*:*:*:*", matchCriteriaId: "1C05B437-C292-4AA0-8AFE-1CA07CD80034", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.3:*:*:*:*:*:*:*", matchCriteriaId: "0102C4C0-1A7D-4AB7-9817-44E6B0DB761E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4:*:*:*:*:*:*:*", matchCriteriaId: "81DDF486-4185-48EE-869E-0AA6726C31F7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.5:*:*:*:*:*:*:*", matchCriteriaId: "CF45A8E1-F6B1-42BD-9168-12062FA6EAEA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6:*:*:*:*:*:*:*", matchCriteriaId: "C5757B9B-2759-439A-9A6D-CCDD6C8C8940", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E4548D39-0562-4946-AA51-A7C1A31AEE8E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.7:*:*:*:*:*:*:*", matchCriteriaId: "FCD71268-EAA2-477B-8AC4-DE4853A262B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.8:*:*:*:*:*:*:*", matchCriteriaId: "529B2115-A191-4F3F-8F8C-A38B7C45463A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:1.3:*:*:*:*:*:*:*", matchCriteriaId: "B76EFDCA-20EC-4C62-A0AD-CBD317D69441", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "D4EC98BF-00C0-48F5-ADFA-DB8AC6E95F3A", versionEndIncluding: "a", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "9E140B81-4528-4BCC-AE60-B91DD4B2C9FE", versionEndIncluding: "b.2.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "8E8CF6B9-050B-426B-86FC-8A32E8C09A68", versionEndIncluding: "c.1.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:*:*:*:*:*:*:*:*", matchCriteriaId: "B7C58E6B-AECC-48AF-8059-61772690776A", versionEndIncluding: "1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisknow:1.0:*:*:*:*:*:*:*", matchCriteriaId: "CC6FE17C-3B08-4675-9F73-5DC0C2438BB1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "A66DC4A6-290C-48ED-A0F8-8DC05EA0AAC6", versionEndIncluding: "1.2.26", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "6CEDD6A3-13B1-4553-8BAD-93DB5203F3B6", versionEndIncluding: "1.4.17", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:rc-2:*:*:*:*:*:*", matchCriteriaId: "F4AB8D8F-15AC-4516-85A2-B5D2B5B3DF04", versionEndIncluding: "1.4.19", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0:*:*:*:*:*:*:*", matchCriteriaId: "678DB154-4363-42FF-8B28-367923FC6595", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E8F2C378-FF0E-4765-9F66-625C4064D5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A55A9295-F632-4856-90A1-38371EB98589", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7FAE6AF1-884D-41F7-B174-9E13C7719C99", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCA9E35B-9A6B-42F2-9315-9C7D09F62227", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*", matchCriteriaId: "89B1F293-4F0F-48FD-A1F1-1230B94D87D3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DDF7EC20-A424-45E5-B7E4-3CC86075858C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "C790E105-55C8-4CDC-9FA8-E1FF6F130A67", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "44C860EF-2B29-4995-B942-000CC43FDD14", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "1ADB80EF-C724-44BA-88FC-24087799D0C6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "78B39BE8-7E2D-42DF-8633-44CAD5662777", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "F39036E3-0027-4C72-9DEB-9A6E2B4512C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "A037E6F9-3EF7-4EEB-AC16-081421BCE40D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.11.1:*:*:*:*:*:*:*", matchCriteriaId: "6A7EC02A-9C9E-4589-BBB3-1908D3078A7B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "6C70FA9C-6F3B-4BDF-97FB-81D06AB0EE65", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*", matchCriteriaId: "E62D108C-862D-4BDB-BE37-285AA4C9C59A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*", matchCriteriaId: "CF1422F3-829D-498C-83A6-02989DFB70A7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CBEB9D69-A404-4053-92F9-CAC3481AFF1B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", matchCriteriaId: "C7B2F43B-8B69-4BF6-86B7-A225175FF068", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "27202966-2C41-4964-9497-1887D2A834C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "107DA2D8-FE7C-4B70-856D-43D58B988694", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.5:*:*:*:*:*:*:*", matchCriteriaId: "ABD71DD9-8A15-45E2-9FB3-F0544D7E1B80", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.6:*:*:*:*:*:*:*", matchCriteriaId: "5C14614F-4E27-40A6-9E56-2B1DBB10330B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7A2F2F5A-66FD-4057-917C-66332A88D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "399B0206-B48B-46EF-8CA6-A6E5A2550B25", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.8:*:*:*:*:*:*:*", matchCriteriaId: "26E9760F-C0EB-47BB-8DA4-CC7815099DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9:*:*:*:*:*:*:*", matchCriteriaId: "4C510A9A-C3E2-4AF8-9919-1A22E918CDEF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.9.1:*:*:*:*:*:*:*", matchCriteriaId: "6BD915CD-A7D3-4305-A6C0-290C648A226C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "1A4B117B-E945-4033-A79D-10DFAA3DF18B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "6A59BC20-3217-4584-9196-D1CD9E0D6B52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", matchCriteriaId: "3C64DF29-5B3D-401E-885E-8E37FD577254", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", matchCriteriaId: "40850BF4-E252-4667-9B46-9B6FEF6E997D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", matchCriteriaId: "1BB01DD1-B29B-4210-88CC-9ADB3148A410", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", matchCriteriaId: "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "295D4042-2D3C-481B-B969-2DDAC1161198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", matchCriteriaId: "3477EC1A-9634-492C-B052-35770A9C9F4C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "1C90F104-FA2C-4091-B149-1774AC982C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C9328768-7C08-4143-B5F8-F5C2D735D21A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", matchCriteriaId: "6C04E2B3-094B-4828-A2FC-BB66244A9F73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "4BDE3D31-4BB2-45A3-B085-8C91152A3152", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "CE0107D4-395E-45F1-B963-7618CCC007D1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "53B8E11B-4984-45A8-A107-D276205988B0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "2495DB98-F923-4E60-86EC-2DBB7A98C90C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", matchCriteriaId: "E186D125-996E-4900-A2B8-5CDC8B5D5136", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", matchCriteriaId: "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", matchCriteriaId: "1A838577-2BA1-4792-8B69-6FB07FFD7727", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*", matchCriteriaId: "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:*:*:*:*:*:*:*:*", matchCriteriaId: "6D1E04DC-AE6A-4536-8E45-36494E51B036", versionEndIncluding: "1.1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0:*:*:*:*:*:*:*", matchCriteriaId: "0C3A0A08-4107-4B8B-AE7E-DC23849A54DC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9320928D-D83C-4258-AF62-AB2D1F50D972", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "569084D1-977D-41FC-A444-0B3F5199DDD3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "02D182FB-761C-4F08-A776-B613FAC55230", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.0.3.3:*:*:*:*:*:*:*", matchCriteriaId: "C9046D49-6878-4571-8B9E-2FBD5BA80D19", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:s800i:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A7B5EDAB-61DD-4864-A159-39292D339DA2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.", }, { lang: "es", value: "Vulnerabilidad no especificada en Asterisk Open Source versiones 1.2.x anteriores a 1.2.27, 1.4.x anteriores a 1.4.18.1 y 1.4.19-rc3; en Business Edition versiones A.x.x, B.x.x anteriores a B.2.5.1, y C.x.x anteriores a C.1.6.2; en AsteriskNOW versiones 1.0.x anteriores a 1.0.2; Appliance Developer Kit anteriores a 1.4 revisión 109393; y s800i versiones 1.0.x anteriores a 1.1.0.2 permite a atacantes remotos acceder al controlador del canal SIP mediante la utilización de una cabecera From especialmente construida.", }, ], id: "CVE-2008-1332", lastModified: "2024-11-21T00:44:17.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 8.8, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 9.2, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-03-20T00:44:00.000", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://downloads.digium.com/pub/security/AST-2008-003.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29426", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29456", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29470", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29782", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29957", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1019629", }, { source: "cve@mitre.org", url: "http://www.asterisk.org/node/48466", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2008/dsa-1525", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/489818/100/0/threaded", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/28310", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/0928", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { source: "cve@mitre.org", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://downloads.digium.com/pub/security/AST-2008-003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29426", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29782", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/29957", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200804-13.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1019629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.asterisk.org/node/48466", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2008/dsa-1525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/489818/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/28310", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/0928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-01-14 23:30
Modified
2024-11-21 00:58
Severity ?
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:*:*:*:*:*:*:*", matchCriteriaId: "24A5B8FE-5EB4-4EFD-957D-D0B7AADC55E5", versionEndIncluding: "b.2.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:*:beta8:*:*:*:*:*:*", matchCriteriaId: "5E583AB0-6127-4C34-B6C6-1837F5D0C2D6", versionEndIncluding: "c.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:a:*:*:*:*:*:*:*", matchCriteriaId: "313B3A38-8DEA-4D62-A1A4-0B6011E81870", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "802F8680-AB38-41AF-BFC8-F6927F6B1626", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "BCAE8D90-B032-4C60-B487-BE655D00FFAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AB64A872-B7B8-46A8-81E4-49EDAC160531", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:*:*:*:*:*:*:*", matchCriteriaId: "21000270-C9B9-430C-A252-763887A15835", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "12F7CF45-5482-4947-8F1D-48C746987475", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7B64995D-7892-49AB-A89D-A5D15615C5D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:*:*:*:*:*:*:*", matchCriteriaId: "0397DBD4-EA00-444A-9008-4932F99DF325", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:*:*:*:*:*:*:*", matchCriteriaId: "6FCD865F-BC39-4255-A797-6E5945773337", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:*:*:*:*:*:*:*", matchCriteriaId: "BB3C2CF4-4A4B-4398-92DC-EAE43801D08A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:*:*:*:*:*:*:*", matchCriteriaId: "D7203093-7209-4184-92CB-08AD73FAC379", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E4956871-4DD3-4299-8BEB-9D98A4449A42", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "F796D547-034A-46FB-B245-3863C198AA84", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "0F04F844-79C4-41F3-9671-8B46460D0AAE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7:*:*:*:*:*:*", matchCriteriaId: "F981A428-E7F3-4DE5-91DC-60A1C5C6C6EF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*", matchCriteriaId: "BC6254A9-FDE8-4167-9B8F-BA387A813DCC", versionEndIncluding: "1.2.30.4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:rc3:*:*:*:*:*:*", matchCriteriaId: "FD73983B-7A1A-4016-B5D6-EA1019CC8D35", versionEndIncluding: "1.4.23", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:*:rc1:*:*:*:*:*:*", matchCriteriaId: "8E0B464C-075E-4B62-B00A-53AA2613B619", versionEndIncluding: "1.6.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9F7971E1-F136-4ADC-95EC-BC4F92E838CF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:beta1:*:*:*:*:*:*", matchCriteriaId: "E62D108C-862D-4BDB-BE37-285AA4C9C59A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:beta2:*:*:*:*:*:*", matchCriteriaId: "CF1422F3-829D-498C-83A6-02989DFB70A7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:rc1:*:*:*:*:*:*", matchCriteriaId: "CBEB9D69-A404-4053-92F9-CAC3481AFF1B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0:rc2:*:*:*:*:*:*", matchCriteriaId: "E816CCDB-4169-4F09-AE87-E467F4BE7685", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta1:*:*:*:*:*:*:*", matchCriteriaId: "7435F043-F92B-4635-93CC-A2C39AAE1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.0beta2:*:*:*:*:*:*:*", matchCriteriaId: "C7B2F43B-8B69-4BF6-86B7-A225175FF068", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "27202966-2C41-4964-9497-1887D2A834C0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:*:*:*:*:*:*:*", matchCriteriaId: "1471B5A2-15BE-4E7C-BA49-2E6002F7C8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.2:netsec:*:*:*:*:*:*", matchCriteriaId: "65223182-1675-462C-AF67-4A48760A63F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:*:*:*:*:*:*:*", matchCriteriaId: "7108D72F-5AFD-4EEF-B2A9-CA4FA792E193", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.3:netsec:*:*:*:*:*:*", matchCriteriaId: "DC7EB4CD-6436-4E0B-A620-9DF2AC8A3C66", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9E79CCE5-C29B-4726-8D2F-BC20F70959BA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.10:netsec:*:*:*:*:*:*", matchCriteriaId: "0CF6584D-A7BB-4BD5-8232-9293FEE4A971", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:*:*:*:*:*:*:*", matchCriteriaId: "F29C13DB-6F04-4B41-90A2-2408D70F3641", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.11:netsec:*:*:*:*:*:*", matchCriteriaId: "174D6B56-7D0F-46F0-849A-FD05CB348FAC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:*:*:*:*:*:*:*", matchCriteriaId: "0F4F734E-0E78-4957-B323-8E9FBA7FF15C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12:netsec:*:*:*:*:*:*", matchCriteriaId: "938F545A-F8A7-455E-8E5A-2B5454B6CE53", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:*:*:*:*:*:*:*", matchCriteriaId: "1A4B117B-E945-4033-A79D-10DFAA3DF18B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec:*:*:*:*:*:*", matchCriteriaId: "E7C0897A-C841-4AAB-A6B3-1FCF7A99A60A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:*:*:*:*:*:*:*", matchCriteriaId: "EA6D866F-8189-4FFD-AA24-47C0A015C246", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.13:netsec:*:*:*:*:*:*", matchCriteriaId: "B2BAA1B3-7DD3-4248-915D-2BCC0ACFA2C2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:*:*:*:*:*:*:*", matchCriteriaId: "A4EBFB79-C269-4132-BFAB-451F66CE8289", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.14:netsec:*:*:*:*:*:*", matchCriteriaId: "21612C17-7368-4108-B55B-5AB5CA6733E4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:*:*:*:*:*:*:*", matchCriteriaId: "E9E1028E-2C07-4BA3-B891-FA853A87B280", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.15:netsec:*:*:*:*:*:*", matchCriteriaId: "8A0D57D7-15AD-4CDF-A5A7-AB83F8E6154E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:*:*:*:*:*:*:*", matchCriteriaId: "9E74F577-70BD-4FAF-BCFD-10CD21FC5601", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.16:netsec:*:*:*:*:*:*", matchCriteriaId: "06DB25C8-4EA5-465F-8EFA-BCA8D40F1795", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:*:*:*:*:*:*:*", matchCriteriaId: "57BB03E2-E61C-4A94-82DF-8720698CE271", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*", matchCriteriaId: "A149F8C2-3DA5-44B2-A288-3482F3975824", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:*:*:*:*:*:*:*", matchCriteriaId: "1B30A36F-5CE6-4246-8752-176FB5999C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.18:netsec:*:*:*:*:*:*", matchCriteriaId: "9462B320-B69D-409D-8DCC-D8D6CA1A757D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:*:*:*:*:*:*:*", matchCriteriaId: "E0F76DFD-4DAC-4B02-8967-B242CDEEF6C9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.19:netsec:*:*:*:*:*:*", matchCriteriaId: "ECCCBAE9-8FD4-43F0-9EF8-56E9BBA3D8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:*:*:*:*:*:*:*", matchCriteriaId: "6A59BC20-3217-4584-9196-D1CD9E0D6B52", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.20:netsec:*:*:*:*:*:*", matchCriteriaId: "BEA0014A-659B-4533-A393-6D4ADC80EB0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:*:*:*:*:*:*:*", matchCriteriaId: "56F728BA-FC9E-4EEE-9A08-C9C7433BD8D9", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21:netsec:*:*:*:*:*:*", matchCriteriaId: "8F1621F9-7C84-4CF0-BBCD-CEAEE8683BAA", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:*:*:*:*:*:*:*", matchCriteriaId: "3C64DF29-5B3D-401E-885E-8E37FD577254", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec:*:*:*:*:*:*", matchCriteriaId: "346C9F65-B5FB-4A75-8E1B-137112F270D2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:*:*:*:*:*:*:*", matchCriteriaId: "1A7BF52A-2FF8-40ED-B757-28A1101DE8F5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.22:netsec:*:*:*:*:*:*", matchCriteriaId: "7EFEE380-0C64-4413-AF3A-45ABC8833500", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:*:*:*:*:*:*:*", matchCriteriaId: "7A321C2D-852B-4498-ADD6-79956410AB94", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.23:netsec:*:*:*:*:*:*", matchCriteriaId: "8CA18FC6-1480-400E-A885-8CDAE45AA7A8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:*:*:*:*:*:*:*", matchCriteriaId: "9D5F0DCF-C6A2-4A09-90C9-D70F174FDEF5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.24:netsec:*:*:*:*:*:*", matchCriteriaId: "93741261-378B-4C02-8D68-0E5F39128375", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:*:*:*:*:*:*:*", matchCriteriaId: "C820538E-14EC-43C1-80DB-6AAE4905EF0B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.25:netsec:*:*:*:*:*:*", matchCriteriaId: "07CF9DD6-B624-49F0-A8E4-7EBCE7932BEE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:*:*:*:*:*:*:*", matchCriteriaId: "E9562112-2505-4F78-86DE-F30EFAEE47D5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26:netsec:*:*:*:*:*:*", matchCriteriaId: "9EEA1E9C-C1FB-4EFD-86EA-DCF78C57FC35", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:*:*:*:*:*:*:*", matchCriteriaId: "1A6D8FD0-C8C1-4868-9AF1-96B1949C18AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec:*:*:*:*:*:*", matchCriteriaId: "5E20FAF7-9031-478E-A89C-D6FB3B5FDE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:*:*:*:*:*:*:*", matchCriteriaId: "72A840B4-216B-4063-997F-791FBC8C8658", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec:*:*:*:*:*:*", matchCriteriaId: "72375576-F857-4585-A677-A326D89A65B5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.27:*:*:*:*:*:*:*", matchCriteriaId: "BE47A547-26E7-48F9-B0A6-2F65E04A1EDE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.28:*:*:*:*:*:*:*", matchCriteriaId: "E1AEB744-FCF2-4A41-8866-9D1D20E6C6B8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.29:*:*:*:*:*:*:*", matchCriteriaId: "51E5EB34-30AD-4E81-8BD4-4AB905E52B82", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.30:*:*:*:*:*:*:*", matchCriteriaId: "4359322B-08D0-4710-A9C3-54BD4A17B800", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.30.2:*:*:*:*:*:*:*", matchCriteriaId: "78F84DF4-DBA7-430C-AF17-F52024EF80D7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.2.30.3:*:*:*:*:*:*:*", matchCriteriaId: "34266614-3588-485C-A609-37823F8499AC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "967DF432-DEF4-4FA2-8C8D-19A7FB663A33", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta2:*:*:*:*:*:*", matchCriteriaId: "40850BF4-E252-4667-9B46-9B6FEF6E997D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta3:*:*:*:*:*:*", matchCriteriaId: "1BB01DD1-B29B-4210-88CC-9ADB3148A410", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.0:beta4:*:*:*:*:*:*", matchCriteriaId: "5C0FA6A3-BFA9-4397-B75B-75C8357C36B2", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.1:*:*:*:*:*:*:*", matchCriteriaId: "295D4042-2D3C-481B-B969-2DDAC1161198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.2:*:*:*:*:*:*:*", matchCriteriaId: "99E9EE2A-56AD-42BC-8CB0-D34091849B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.3:*:*:*:*:*:*:*", matchCriteriaId: "96877A3E-B54B-4F31-B281-76CDC98B2D02", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.4:*:*:*:*:*:*:*", matchCriteriaId: "6D0B4503-42A6-4D88-954E-A662E91EC204", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.5:*:*:*:*:*:*:*", matchCriteriaId: "A4B73813-BCD8-429E-B9B9-D6665E026BC5", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.6:*:*:*:*:*:*:*", matchCriteriaId: "5BBA3ECC-4F40-41CD-A6D7-BBD680DDBACC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9CBE2156-AF86-4C72-B33D-3FF83930F828", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "61408884-FBBF-4D94-A552-F99AB46DCED6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.8:*:*:*:*:*:*:*", matchCriteriaId: "4A527277-D97D-4B74-906F-7481BDBD96D6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.9:*:*:*:*:*:*:*", matchCriteriaId: "D8B57A32-7B83-4783-A244-C26301970444", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10:*:*:*:*:*:*:*", matchCriteriaId: "044FD0D0-FC92-4A01-B0D4-11A703EF21FD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.10.1:*:*:*:*:*:*:*", matchCriteriaId: "3477EC1A-9634-492C-B052-35770A9C9F4C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.11:*:*:*:*:*:*:*", matchCriteriaId: "1C90F104-FA2C-4091-B149-1774AC982C0F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C9328768-7C08-4143-B5F8-F5C2D735D21A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.12.1:*:*:*:*:*:*:*", matchCriteriaId: "6C04E2B3-094B-4828-A2FC-BB66244A9F73", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.13:*:*:*:*:*:*:*", matchCriteriaId: "4BDE3D31-4BB2-45A3-B085-8C91152A3152", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.14:*:*:*:*:*:*:*", matchCriteriaId: "CE0107D4-395E-45F1-B963-7618CCC007D1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.15:*:*:*:*:*:*:*", matchCriteriaId: "53B8E11B-4984-45A8-A107-D276205988B0", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16:*:*:*:*:*:*:*", matchCriteriaId: "2495DB98-F923-4E60-86EC-2DBB7A98C90C", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.1:*:*:*:*:*:*:*", matchCriteriaId: "E186D125-996E-4900-A2B8-5CDC8B5D5136", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.16.2:*:*:*:*:*:*:*", matchCriteriaId: "27DC6CF7-4DF8-4472-A684-8CCB5E26FCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.17:*:*:*:*:*:*:*", matchCriteriaId: "88576385-EF03-408B-9775-B52E6AFFE48A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18:*:*:*:*:*:*:*", matchCriteriaId: "1A838577-2BA1-4792-8B69-6FB07FFD7727", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.18.1:*:*:*:*:*:*:*", matchCriteriaId: "CDEED3E1-13E0-46E6-8AAB-D24D2D04AE4F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:*:*:*:*:*:*:*", matchCriteriaId: "ED2BF36F-CF10-4F24-970B-3D0BB7561C81", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc1:*:*:*:*:*:*", matchCriteriaId: "BFC1BB05-15C6-4829-86EB-5B1BFA4B5B17", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc2:*:*:*:*:*:*", matchCriteriaId: "AB77E88B-7233-4979-914E-24E671C1FB23", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc3:*:*:*:*:*:*", matchCriteriaId: "C4FF0F09-0268-480F-A2F3-6F8C3F323EEB", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19:rc4:*:*:*:*:*:*", matchCriteriaId: "1CCF9CAE-674A-4833-9D5C-FCBD865BE9F6", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19.1:*:*:*:*:*:*:*", matchCriteriaId: "FB1593E1-BF21-4DB9-A18E-9F221F3F9022", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.19.2:*:*:*:*:*:*:*", matchCriteriaId: "EC8E9FE3-FA25-4054-876E-4A3CE6E71AFF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.20:*:*:*:*:*:*:*", matchCriteriaId: "4BBAEADC-D1DE-46EF-808C-2F6D2A74D988", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.20:rc1:*:*:*:*:*:*", matchCriteriaId: "AEF8EB4B-2947-4BD3-ADF3-345AEFE85B05", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.20:rc2:*:*:*:*:*:*", matchCriteriaId: "E4476FB3-A759-49F5-ABDE-6D2A321B61BF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.20:rc3:*:*:*:*:*:*", matchCriteriaId: "DFC109C3-2F52-48BE-B07E-3D65F31C1012", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.21:*:*:*:*:*:*:*", matchCriteriaId: "E54101A9-3967-4111-8A03-DA1BB23141BE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.21:rc1:*:*:*:*:*:*", matchCriteriaId: "D8B00600-1D45-41F7-9A10-97FB39012FDF", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.21:rc2:*:*:*:*:*:*", matchCriteriaId: "D8CB2331-0F95-45E0-AF5B-0B9C74C5BA88", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.21.1:*:*:*:*:*:*:*", matchCriteriaId: "D4ADB6A7-76AC-4AE3-B1AA-9F8DFA635418", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.21.2:*:*:*:*:*:*:*", matchCriteriaId: "776BC35C-CF37-4F4E-9FD5-EC351D4C2C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.22:*:*:*:*:*:*:*", matchCriteriaId: "F10DAABC-FF06-44FB-98EC-B6AD17C03FBC", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.22:rc3:*:*:*:*:*:*", matchCriteriaId: "ACA8AFD5-4C7C-4876-93CA-C5B3E881C455", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.22:rc4:*:*:*:*:*:*", matchCriteriaId: "547EEB2B-2ECA-4B00-83BB-CFAA11BE0145", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*", matchCriteriaId: "83829E0F-C24B-4BD6-88EA-98898A9AD86E", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.22.2:*:*:*:*:*:*:*", matchCriteriaId: "D4C19141-823E-4057-A699-FD1DFF92DF38", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.23:*:*:*:*:*:*:*", matchCriteriaId: "ECE7FE41-E749-49B8-99DF-19F9E7C4827A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.23:rc1:*:*:*:*:*:*", matchCriteriaId: "4E78234B-39B6-4DB4-A10F-AA55F174D4F3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4.23:rc2:*:*:*:*:*:*", matchCriteriaId: "3984CF42-2431-4661-B333-C6721DF7123A", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4_revision_95946:*:*:*:*:*:*:*", matchCriteriaId: "E3C6272B-D0C4-4EA5-AEE4-5A45DAA2DDE1", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.4beta:*:*:*:*:*:*:*", matchCriteriaId: "2A8012CE-4D4B-4131-87E7-16D7907E3BB3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta1:*:*:*:*:*:*", matchCriteriaId: "D4F88914-6097-4AF1-8337-DCF062EB88AE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta2:*:*:*:*:*:*", matchCriteriaId: "8BDB49DC-5344-451E-B8D6-D02C3431CE78", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta3:*:*:*:*:*:*", matchCriteriaId: "B1FDA8D3-5082-479B-BA0A-F1E83D750B5F", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta4:*:*:*:*:*:*", matchCriteriaId: "7305910F-42BA-44CE-A7AC-B6F74200B68D", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta5:*:*:*:*:*:*", matchCriteriaId: "B93EB4D6-3375-44BC-870F-714A3BC00C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta7:*:*:*:*:*:*", matchCriteriaId: "52F60D6E-64EB-4223-8A79-595693B444C3", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1:*:*:*:*:*:*", matchCriteriaId: "37CF29B9-4397-4298-9326-0443E666CDC8", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta8:*:*:*:*:*:*", matchCriteriaId: "7D85DA34-A977-4A82-8E79-7BFE064DE9EE", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:beta9:*:*:*:*:*:*", matchCriteriaId: "1476EF7B-A6F8-4B10-AF0F-986EA6BA3116", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:rc4:*:*:*:*:*:*", matchCriteriaId: "98E222F0-4CAA-4247-A00D-C6CEC2E55198", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:rc5:*:*:*:*:*:*", matchCriteriaId: "63744245-6126-47F6-B9F5-E936538140C7", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0:rc6:*:*:*:*:*:*", matchCriteriaId: "C8805BEE-A4CF-45C2-B948-F1E8EF0A0886", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4E474C33-B42A-4BB8-AC57-8A9071316240", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "B83B3132-7D78-4AC3-B83A-A6A20AA28993", vulnerable: true, }, { criteria: "cpe:2.3:a:asterisk:open_source:1.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0147FCED-AE75-4945-B76E-33F2AA764B9B", vulnerable: true, }, { criteria: "cpe:2.3:h:asterisk:s800i_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "BBE03C02-BE4A-47B6-A2B4-68DAEC5AA47F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.", }, { lang: "es", value: "IAX2 en Asterisk Open Source v1.2.x anterior a v1.2.31, v1.4.x anterior a v1.4.23-rc4, y v1.6.x anterior a v1.6.0.3-rc2; Business Edition A.x.x, B.x.x anterior a B.2.5.7, C.1.x.x anterior a C.1.10.4, y C.2.x.x anterior a C.2.1.2.1; y s800i 1.2.x anterior a v1.3.0 responden de manera distinta ante un intento de acceso fallido dependiendo de si la cuenta de usuario existe, lo que permite a atacantes remotos listar nombres de usuario válidos.", }, ], evaluatorComment: "Vendor Advisory: http://downloads.digium.com/pub/security/AST-2009-001.html", id: "CVE-2009-0041", lastModified: "2024-11-21T00:58:55.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-01-14T23:30:00.187", references: [ { source: "cve@mitre.org", url: "http://downloads.digium.com/pub/security/AST-2009-001.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/33453", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/34982", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/37677", }, { source: "cve@mitre.org", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/4910", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2009/dsa-1952", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/499884/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33174", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1021549", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2009/0063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://downloads.digium.com/pub/security/AST-2009-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/33453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/34982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/37677", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200905-01.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/4910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2009/dsa-1952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/499884/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/33174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1021549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/0063", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }