Summary
| Detail | |||
|---|---|---|---|
| Vendor | Asterisk | First view | 2007-05-07 |
| Product | Asterisk | Last view | 2009-09-08 |
| Version | c.1.10.5 | Type | Application |
| Update | * | ||
| Edition | business | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:asterisk:asterisk | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2009-09-08 | CVE-2009-2346 | The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. |
| 5 | 2007-08-21 | CVE-2007-4455 | The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. |
| 3.5 | 2007-08-09 | CVE-2007-4280 | The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. |
| 10 | 2007-05-07 | CVE-2007-2488 | The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 57762 | Asterisk IAX2 Call Number Resource Exhaustion Remote DoS |
| 38199 | Asterisk SIP Channel Driver (chan_sip) Malformed SIP Dialog Remote DoS |
| 38198 | Asterisk Skinny Channel Driver (chan_skinny) Malformed CAPABILITIES_RES_MESSA... |
| 35769 | Asterisk IAX2 Channel Driver (chan_iax2) Remote Memory Disclosure |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
| 2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9374 (asterisk) File : nvt/fcore_2009_9374.nasl |
| 2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9405 (asterisk) File : nvt/fcore_2009_9405.nasl |
| 2009-09-18 | Name : Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux) File : nvt/secpod_asterisk_iax2_call_number_dos_vuln.nasl |
| 2009-01-28 | Name : SuSE Update for asterisk SUSE-SA:2007:034 File : nvt/gb_suse_2007_034.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1358-1 (asterisk) File : nvt/deb_1358_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Digium Asterisk SCCP capabilities response message capabilities count overflo... RuleID : 21672 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk IAX2 call number denial of service RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-06-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201006-20.nasl - Type: ACT_GATHER_INFO |
| 2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9374.nasl - Type: ACT_GATHER_INFO |
| 2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9405.nasl - Type: ACT_GATHER_INFO |
| 2009-09-08 | Name: The remote VoIP service is susceptible to a denial of service attack. File: asterisk_iax2_call_number_dos.nasl - Type: ACT_GATHER_INFO |
| 2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_asterisk-3543.nasl - Type: ACT_GATHER_INFO |
| 2007-08-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1358.nasl - Type: ACT_GATHER_INFO |
