Vulnerability CVE-2008-1332


Published: 2008-03-19   Modified: 2012-02-12

Description:
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Asterisk
Product: Asterisk business edition 
Version:
c.1.6.1
b.2.5.0
a
Product: Asterisk 
Version:
c.1.6.1
c.1.6
c.1.0_beta8
c.1.0_beta7
b.2.3.6
b.2.3.5
b.2.3.4
b.2.3.3
b.2.3.2
b.2.3.1
b.2.2.1
b.2.2.0
b.1.3.3
b.1.3.2
a
Product: Open source 
Version:
1.4.19
1.4.18
1.4.17
1.4.16.2
1.4.16.1
1.4.16
1.4.15
1.4.14
1.4.13
1.4.12.1
1.4.12
1.4.11
1.4.10.1
1.4.10
1.4.1
1.4.0
1.2.9.1
1.2.9
1.2.8
1.2.7.1
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.26.2
1.2.26.1
1.2.26
1.2.25
1.2.24
1.2.23
1.2.22
1.2.21.1
1.2.21
1.2.20
1.2.2
1.2.19
1.2.18
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13
1.2.12.1
1.2.12
1.2.11
1.2.10
1.2.1
1.2.0beta2
1.2.0
1.0.9
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3.4
1.0.3
1.0.2
1.0.12
1.0.11.1
1.0.11
1.0.1
1.0.0
1.0
Product: Asterisk appliance developer kit 
Version:
1.4
1.3
0.8
0.7
0.6.0
0.6
0.5
0.4
Product: S800i 
Version:
1.1.0.1
1.1.0
1.0.3.3
1.0.3
1.0.2
1.0.1
1.0
Product: Asterisknow 
Version: 1.0.1; 1.0;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:N)

CVSS Base Score: 8.8/10
Impact Subscore: 9.2/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: None

 References:
http://downloads.digium.com/pub/security/AST-2008-003.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
http://security.gentoo.org/glsa/glsa-200804-13.xml
http://securitytracker.com/id?1019629
http://www.asterisk.org/node/48466
http://www.debian.org/security/2008/dsa-1525
http://www.securityfocus.com/archive/1/489818/100/0/threaded
http://www.securityfocus.com/bid/28310
http://www.vupen.com/english/advisories/2008/0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/41308
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html

Related CVE
CVE-2017-9358
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and ...
CVE-2016-9937
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsi...
CVE-2016-9938
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for white...
CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDG...
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE wi...
CVE-2014-8415
Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued ...
CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions t...

Copyright 2019, cxsecurity.com

 
