Asterisk Asterisk Appliance Developer Kit 0.6.0

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor	Asterisk	First view	2007-08-09
Product	Asterisk Appliance Developer Kit	Last view	2008-07-24
Version	0.6.0	Type	Application
Update	*
Edition	*
Language	*
Sofware Edition	*
Target Software	*
Target Hardware	*
Other	*

CPE Product	cpe:2.3:a:asterisk:asterisk_appliance_developer_kit

Activity : Overall

Related : CVE

	Date	Alert	Description
7.8	2008-07-24	CVE-2008-3264	The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
4.3	2008-04-23	CVE-2008-1897	The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
8.8	2008-03-19	CVE-2008-1332	Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
5	2008-01-07	CVE-2008-0095	The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
5	2007-08-21	CVE-2007-4455	The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
3.5	2007-08-09	CVE-2007-4280	The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.

CWE : Common Weakness Enumeration

%	id	Name
50% (2)	CWE-287	Improper Authentication
25% (1)	CWE-399	Resource Management Errors
25% (1)	CWE-264	Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id	Description
47254	Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS
44649	Asterisk Open Source IAX2 Channel Driver (chan_iax2) Spoofed ACK Response Han...
43415	Asterisk SIP Channel Driver Unauthenticated Call Remote Privilege Escalation
39841	Asterisk BYE/Also Transfer Method DoS
38199	Asterisk SIP Channel Driver (chan_sip) Malformed SIP Dialog Remote DoS
38198	Asterisk Skinny Channel Driver (chan_skinny) Malformed CAPABILITIES_RES_MESSA...

OpenVAS Exploits

id	Description
2009-05-05	Name : Gentoo Security Advisory GLSA 200905-01 (asterisk) File : nvt/glsa_200905_01.nasl
2009-02-17	Name : Fedora Update for asterisk FEDORA-2008-0198 File : nvt/gb_fedora_2008_0198_asterisk_fc7.nasl
2009-02-17	Name : Fedora Update for asterisk FEDORA-2008-0199 File : nvt/gb_fedora_2008_0199_asterisk_fc8.nasl
2009-02-17	Name : Fedora Update for asterisk FEDORA-2008-3365 File : nvt/gb_fedora_2008_3365_asterisk_fc7.nasl
2009-02-17	Name : Fedora Update for asterisk FEDORA-2008-3390 File : nvt/gb_fedora_2008_3390_asterisk_fc8.nasl
2009-02-17	Name : Fedora Update for asterisk FEDORA-2008-6676 File : nvt/gb_fedora_2008_6676_asterisk_fc8.nasl
2009-02-17	Name : Fedora Update for asterisk FEDORA-2008-6853 File : nvt/gb_fedora_2008_6853_asterisk_fc9.nasl
2009-02-16	Name : Fedora Update for asterisk FEDORA-2008-2554 File : nvt/gb_fedora_2008_2554_asterisk_fc8.nasl
2009-02-16	Name : Fedora Update for asterisk FEDORA-2008-2620 File : nvt/gb_fedora_2008_2620_asterisk_fc7.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200804-13 (asterisk) File : nvt/glsa_200804_13.nasl
2008-05-12	Name : Debian Security Advisory DSA 1563-1 (asterisk) File : nvt/deb_1563_1.nasl
2008-03-27	Name : Debian Security Advisory DSA 1525-1 (asterisk) File : nvt/deb_1525_1.nasl

Snort® IPS/IDS

Date	Description
2015-03-17	Digium Asterisk SIP channel driver denial of service attempt RuleID : 33445 - Type : PROTOCOL-VOIP - Revision : 2
2014-01-10	Digium Asterisk SCCP capabilities response message capabilities count overflo... RuleID : 21672 - Type : PROTOCOL-VOIP - Revision : 4
2014-01-10	Digium Asterisk IAX2 ack response denial of service attempt RuleID : 16445 - Type : PROTOCOL-VOIP - Revision : 11

Nessus® Vulnerability Scanner

id	Description
2009-05-04	Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200905-01.nasl - Type: ACT_GATHER_INFO
2008-08-15	Name: The remote openSUSE host is missing a security update. File: suse_asterisk-5524.nasl - Type: ACT_GATHER_INFO
2008-07-31	Name: The remote Fedora host is missing a security update. File: fedora_2008-6853.nasl - Type: ACT_GATHER_INFO
2008-07-24	Name: The remote VoIP service can be abused to conduct an amplification attack agai... File: asterisk_iax2_spoofed_fwdownl.nasl - Type: ACT_ATTACK
2008-07-24	Name: The remote Fedora host is missing a security update. File: fedora_2008-6676.nasl - Type: ACT_GATHER_INFO
2008-05-07	Name: It is possible to bypass authentication and make calls using the remote VoIP ... File: asterisk_sip_auth_bypass.nasl - Type: ACT_ATTACK
2008-05-06	Name: The remote VoIP service can be abused to conduct an amplification attack agai... File: asterisk_iax2_spoofed_handshake.nasl - Type: ACT_ATTACK
2008-05-02	Name: The remote Debian host is missing a security-related update. File: debian_DSA-1563.nasl - Type: ACT_GATHER_INFO
2008-05-01	Name: The remote Fedora host is missing a security update. File: fedora_2008-3365.nasl - Type: ACT_GATHER_INFO
2008-05-01	Name: The remote Fedora host is missing a security update. File: fedora_2008-3390.nasl - Type: ACT_GATHER_INFO
2008-04-17	Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200804-13.nasl - Type: ACT_GATHER_INFO
2008-04-17	Name: The remote openSUSE host is missing a security update. File: suse_asterisk-5169.nasl - Type: ACT_GATHER_INFO
2008-03-26	Name: The remote Fedora host is missing a security update. File: fedora_2008-2554.nasl - Type: ACT_GATHER_INFO
2008-03-26	Name: The remote Fedora host is missing a security update. File: fedora_2008-2620.nasl - Type: ACT_GATHER_INFO
2008-03-21	Name: The remote Debian host is missing a security-related update. File: debian_DSA-1525.nasl - Type: ACT_GATHER_INFO
2008-01-04	Name: The remote Fedora host is missing a security update. File: fedora_2008-0199.nasl - Type: ACT_GATHER_INFO
2008-01-04	Name: The remote Fedora host is missing a security update. File: fedora_2008-0198.nasl - Type: ACT_GATHER_INFO

Copyright Security-Database 2006-2025 - Powered by themself ;) in 0.0104s

Facebook rss twitter linkedin mail