Asterisk IAX2 Protocol Verification Bug Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1019918
|
|
SecurityTracker URL: http://securitytracker.com/id?1019918
|
|
CVE Reference: CVE-2008-1897
(Links to External Site)
|
Date: Apr 23 2008
|
Impact: Denial of service via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 1.2.x prior to 1.2.28, 1.4.x prior to 1.4.19.1
|
Description: A vulnerability was reported in Asterisk. A remote user can cause denial of service conditions.
A remote user can send a spoofed ACK response message to cause the target system to send audio connection packets to an arbitrary
system, potentially causing denial of service conditions on the arbitrary system.
The original advisory is available at:
https://www.altsci.com/concepts/page.php?s=
asteri&p=2
Joel R. Voss (aka Javantea) reported this vulnerability.
|
Impact: A remote user can cause denial of service conditions on a target system via an intermediate system.
|
Solution: The vendor has issued fixed versions (1.2.28, 1.4.19.1).
The vendor's advisory is available at:
http://downloads.digium.com/pub/security/AST-2008-006.html
|
Vendor URL: downloads.digium.com/pub/security/AST-2008-006.html (Links to External Site)
|
Cause: Authentication error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 22 Apr 2008 22:04:14 -0400
Subject: http://downloads.digium.com/pub/security/AST-2008-006.html
|
CVE-2008-1897
|
|
