Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-1390
Last Modified 05 Sep 2008 05:37:38
Published 24 Mar 2008 01:44:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1390

Summary

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Vulnerable Systems

Application

  • Asterisk 1.4 Beta

  • Asterisk 1.4 Revision 95946

  • Asterisk 1.4.1

  • Asterisk 1.4.10

  • Asterisk 1.4.11

  • Asterisk 1.4.12

  • Asterisk 1.4.13

  • Asterisk 1.4.14

  • Asterisk 1.4.15

  • Asterisk 1.4.16

  • Asterisk 1.4.17

  • Asterisk 1.4.18.1

  • Asterisk 1.4.2

  • Asterisk 1.4.3

  • Asterisk 1.4.4

  • Asterisk 1.4.5

  • Asterisk 1.4.6

  • Asterisk 1.4.7

  • Asterisk 1.4.8

  • Asterisk 1.4.9

  • Asterisk 1.6

  • Asterisk Appliance Developer Kit 0.2

  • Asterisk Appliance Developer Kit 0.3

  • Asterisk Appliance Developer Kit 0.4

  • Asterisk Appliance Developer Kit 0.5

  • Asterisk Appliance Developer Kit 0.6

  • Asterisk Appliance Developer Kit 0.7

  • Asterisk Appliance Developer Kit 0.8

  • Asterisk Appliance Developer Kit 1.4

  • Asterisk Business Edition C.1.0-beta7

  • Asterisk Business Edition C.1.0-beta8

  • Asterisk S800i 1.0

  • Asterisk S800i 1.0.1

  • Asterisk S800i 1.0.2

  • Asterisk S800i 1.0.3

  • Asterisk S800i 1.1.0

  • AsteriskNOW 1.0

  • AsteriskNOW Beta 5

  • AsteriskNOW Beta 6

  • AsteriskNOW Beta 7


References

BID - 28316

BUGTRAQ - 20080318 AST-2008-005: HTTP Manager ID is predictable

SECUNIA - 29449

CONFIRM - http://downloads.digium.com/pub/security/AST-2008-005.html

FEDORA - FEDORA-2008-2620

FEDORA - FEDORA-2008-2554

XF - asterisk-httpmanagerid-weak-security(41304)

SECTRACK - 1019679

SREASON - 3764

SECUNIA - 29470


Last Updated: 27 May 2016 10:47:08