Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-2119
Last Modified 07 Mar 2011 10:08:43
Published 04 Jun 2008 03:32:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2119

Summary

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.

Vulnerable Systems

Application

  • Asterisk Business Edition B.1.3.2

  • Asterisk Business Edition B.1.3.3

  • Asterisk Business Edition B.2.2.0

  • Asterisk Business Edition B.2.2.1

  • Asterisk Business Edition B.2.3.1

  • Asterisk Business Edition B.2.3.2

  • Asterisk Business Edition B.2.3.3

  • Asterisk Business Edition B.2.3.4

  • Asterisk Business Edition B.2.5.0

  • Asterisk Business Edition B2.5.1

  • Asterisk Business Edition B2.5.2

  • Asterisk Open Source 1.0

  • Asterisk Open Source 1.0.0

  • Asterisk Open Source 1.0.1

  • Asterisk Open Source 1.0.11

  • Asterisk Open Source 1.0.11.1

  • Asterisk Open Source 1.0.12

  • Asterisk Open Source 1.0.2

  • Asterisk Open Source 1.0.3

  • Asterisk Open Source 1.0.4

  • Asterisk Open Source 1.0.5

  • Asterisk Open Source 1.0.6

  • Asterisk Open Source 1.0.7

  • Asterisk Open Source 1.0.8

  • Asterisk Open Source 1.0.9

  • Asterisk Open Source 1.2.0

  • Asterisk Open Source 1.2.0beta1

  • Asterisk Open Source 1.2.0beta2

  • Asterisk Open Source 1.2.1

  • Asterisk Open Source 1.2.10

  • Asterisk Open Source 1.2.11

  • Asterisk Open Source 1.2.12

  • Asterisk Open Source 1.2.12.1

  • Asterisk Open Source 1.2.13

  • Asterisk Open Source 1.2.14

  • Asterisk Open Source 1.2.15

  • Asterisk Open Source 1.2.16

  • Asterisk Open Source 1.2.17

  • Asterisk Open Source 1.2.18

  • Asterisk Open Source 1.2.19

  • Asterisk Open Source 1.2.2

  • Asterisk Open Source 1.2.20

  • Asterisk Open Source 1.2.21

  • Asterisk Open Source 1.2.21.1

  • Asterisk Open Source 1.2.22

  • Asterisk Open Source 1.2.23

  • Asterisk Open Source 1.2.24

  • Asterisk Open Source 1.2.25

  • Asterisk Open Source 1.2.26

  • Asterisk Open Source 1.2.26.1

  • Asterisk Open Source 1.2.26.2

  • Asterisk Open Source 1.2.27

  • Asterisk Open Source 1.2.28


References

VUPEN - ADV-2008-1731

SECTRACK - 1020166

BUGTRAQ - 20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

CONFIRM - http://svn.digium.com/view/asterisk?view=rev&revision=120109

GENTOO - GLSA-200905-01

SECUNIA - 34982

CONFIRM - http://downloads.digium.com/pub/security/AST-2008-008.html

CONFIRM - http://bugs.digium.com/view.php?id=12607

XF - asterisk-asturidecode-dos(42823)

MILW0RM - 5749

SECUNIA - 30517


Last Updated: 27 May 2016 10:47:46