Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5558

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5558
Last Modified 07 Mar 2011 10:14:45
Published 17 Dec 2008 12:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5558

Summary

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

Vulnerable Systems

Application

  • Asterisk Business Edition B.2.3.4

  • Asterisk Business Edition B.2.3.5

  • Asterisk Business Edition B.2.5.0

  • Asterisk Business Edition B.2.5.1

  • Asterisk Business Edition B.2.5.3

  • Asterisk Open Source 1.2.26

  • Asterisk Open Source 1.2.26.1

  • Asterisk Open Source 1.2.26.2

  • Asterisk Open Source 1.2.27

  • Asterisk Open Source 1.2.28

  • Asterisk Open Source 1.2.29

  • Asterisk Open Source 1.2.30

  • Asterisk Open Source 1.2.30.2

  • Asterisk Open Source 1.2.30.3


References

VUPEN - ADV-2008-3403

SECTRACK - 1021378

BID - 32773

BUGTRAQ - 20081210 AST-2008-012: Remote crash vulnerability in IAX2

SREASON - 4769

GENTOO - GLSA-200905-01

SECUNIA - 34982

SECUNIA - 32956

OSVDB - 50675

CONFIRM - http://downloads.digium.com/pub/security/AST-2008-012.html


Last Updated: 27 May 2016 10:48:50