Summary
| Detail | |||
|---|---|---|---|
| Vendor | Asterisk | First view | 2008-03-24 |
| Product | Open Source | Last view | 2009-09-08 |
| Version | 1.4.19.2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:asterisk:open_source | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2009-09-08 | CVE-2009-2346 | The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. |
| 5 | 2009-01-14 | CVE-2009-0041 | IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. |
| 7.5 | 2008-03-24 | CVE-2008-1289 | Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 66% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-200 | Information Exposure |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 57762 | Asterisk IAX2 Call Number Resource Exhaustion Remote DoS |
| 51373 | Asterisk IAX2 User Account Enumeration Weakness |
| 43416 | Asterisk RTP Payload Handling Multiple Remote Overflows |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
| 2009-12-30 | Name : Debian Security Advisory DSA 1952-1 (asterisk) File : nvt/deb_1952_1.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12461 (asterisk) File : nvt/fcore_2009_12461.nasl |
| 2009-12-03 | Name : Fedora Core 10 FEDORA-2009-11126 (asterisk) File : nvt/fcore_2009_11126.nasl |
| 2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9374 (asterisk) File : nvt/fcore_2009_9374.nasl |
| 2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9405 (asterisk) File : nvt/fcore_2009_9405.nasl |
| 2009-09-18 | Name : Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux) File : nvt/secpod_asterisk_iax2_call_number_dos_vuln.nasl |
| 2009-05-05 | Name : Gentoo Security Advisory GLSA 200905-01 (asterisk) File : nvt/glsa_200905_01.nasl |
| 2009-02-16 | Name : Fedora Update for asterisk FEDORA-2008-2554 File : nvt/gb_fedora_2008_2554_asterisk_fc8.nasl |
| 2009-02-16 | Name : Fedora Update for asterisk FEDORA-2008-2620 File : nvt/gb_fedora_2008_2620_asterisk_fc7.nasl |
| 2009-02-13 | Name : Fedora Core 9 FEDORA-2009-0973 (asterisk) File : nvt/fcore_2009_0973.nasl |
| 2009-02-13 | Name : Fedora Core 10 FEDORA-2009-0984 (asterisk) File : nvt/fcore_2009_0984.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Digium Asterisk IAX2 call number denial of service RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4 |
| 2014-01-10 | Digium Asterisk Attribute header rtpmap field buffer overflow attempt RuleID : 20392 - Type : PROTOCOL-VOIP - Revision : 10 |
| 2014-01-10 | Digium Asterisk Attribute header rtpmap field buffer overflow attempt RuleID : 20391 - Type : PROTOCOL-VOIP - Revision : 10 |
| 2014-01-10 | Attribute header rtpmap field invalid payload type RuleID : 20390 - Type : PROTOCOL-VOIP - Revision : 9 |
| 2014-01-10 | Attribute header rtpmap field invalid payload type RuleID : 13693 - Type : PROTOCOL-VOIP - Revision : 12 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-06-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201006-20.nasl - Type: ACT_GATHER_INFO |
| 2010-02-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1952.nasl - Type: ACT_GATHER_INFO |
| 2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9374.nasl - Type: ACT_GATHER_INFO |
| 2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9405.nasl - Type: ACT_GATHER_INFO |
| 2009-09-08 | Name: The remote VoIP service is susceptible to a denial of service attack. File: asterisk_iax2_call_number_dos.nasl - Type: ACT_GATHER_INFO |
| 2009-05-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200905-01.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote Fedora host is missing a security update. File: fedora_2009-0984.nasl - Type: ACT_GATHER_INFO |
| 2009-02-13 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2009-0973.nasl - Type: ACT_GATHER_INFO |
| 2008-03-26 | Name: The remote Fedora host is missing a security update. File: fedora_2008-2554.nasl - Type: ACT_GATHER_INFO |
| 2008-03-26 | Name: The remote Fedora host is missing a security update. File: fedora_2008-2620.nasl - Type: ACT_GATHER_INFO |
