Summary
Detail | | | |
---|---|---|---|
Vendor | Asterisk | First view | 2007-05-07 |
Product | Asterisk | Last view | 2009-09-08 |
Version | c.1.10.5 | Type | Application |
Update | * | | |
Edition | business | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:asterisk:asterisk | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.8 | 2009-09-08 | CVE-2009-2346 | The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. |
5 | 2007-08-21 | CVE-2007-4455 | The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. |
3.5 | 2007-08-09 | CVE-2007-4280 | The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population. |
10 | 2007-05-07 | CVE-2007-2488 | The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
57762 | Asterisk IAX2 Call Number Resource Exhaustion Remote DoS |
38199 | Asterisk SIP Channel Driver (chan_sip) Malformed SIP Dialog Remote DoS |
38198 | Asterisk Skinny Channel Driver (chan_skinny) Malformed CAPABILITIES_RES_MESSA... |
35769 | Asterisk IAX2 Channel Driver (chan_iax2) Remote Memory Disclosure |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-20 (asterisk) File : nvt/glsa_201006_20.nasl |
2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9374 (asterisk) File : nvt/fcore_2009_9374.nasl |
2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9405 (asterisk) File : nvt/fcore_2009_9405.nasl |
2009-09-18 | Name : Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (Linux) File : nvt/secpod_asterisk_iax2_call_number_dos_vuln.nasl |
2009-01-28 | Name : SuSE Update for asterisk SUSE-SA:2007:034 File : nvt/gb_suse_2007_034.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1358-1 (asterisk) File : nvt/deb_1358_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Digium Asterisk SCCP capabilities response message capabilities count overflo... RuleID : 21672 - Type : PROTOCOL-VOIP - Revision : 4 |
2014-01-10 | Digium Asterisk IAX2 call number denial of service RuleID : 21608 - Type : PROTOCOL-VOIP - Revision : 4 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-04 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201006-20.nasl - Type: ACT_GATHER_INFO |
2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9374.nasl - Type: ACT_GATHER_INFO |
2009-09-28 | Name: The remote Fedora host is missing a security update. File: fedora_2009-9405.nasl - Type: ACT_GATHER_INFO |
2009-09-08 | Name: The remote VoIP service is susceptible to a denial of service attack. File: asterisk_iax2_call_number_dos.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_asterisk-3543.nasl - Type: ACT_GATHER_INFO |
2007-08-28 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1358.nasl - Type: ACT_GATHER_INFO |