Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2543

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2543
Last Modified 07 Mar 2011 10:09:21
Published 05 Jun 2008 04:32:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2543

Summary

The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.

Vulnerable Systems

Application

  • Asterisk-addons 1.2.0

  • Asterisk-addons 1.2.1

  • Asterisk-addons 1.2.2

  • Asterisk-addons 1.2.3

  • Asterisk-addons 1.2.4

  • Asterisk-addons 1.2.5

  • Asterisk-addons 1.2.6

  • Asterisk-addons 1.2.7

  • Asterisk-addons 1.2.8

  • Asterisk-addons 1.4.0

  • Asterisk-addons 1.4.1

  • Asterisk-addons 1.4.2

  • Asterisk-addons 1.4.3

  • Asterisk-addons 1.4.4

  • Asterisk-addons 1.4.5

  • Asterisk-addons 1.4.6


References

XF - asterisk-addons-ooh323-dos(42869)

VUPEN - ADV-2008-1747

BID - 29567

BUGTRAQ - 20080604 AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

BUGTRAQ - 20080604 AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

SECTRACK - 1020202

SECUNIA - 30555

CONFIRM - http://downloads.digium.com/pub/security/AST-2008-009.html


Last Updated: 27 May 2016 10:47:54