Executive Summary

Informations
NameCVE-2008-1332First vendor Publication2008-03-19
VendorCveLast vendor Modification2018-10-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Cvss Base Score8.8Attack RangeNetwork
Cvss Impact Score9.2Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332

CWE : Common Weakness Enumeration

%idName
100 %CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application15
Application12
Application24
Application5
Application133
Application7

OpenVAS Exploits

DateDescription
2009-02-16Name : Fedora Update for asterisk FEDORA-2008-2554
File : nvt/gb_fedora_2008_2554_asterisk_fc8.nasl
2009-02-16Name : Fedora Update for asterisk FEDORA-2008-2620
File : nvt/gb_fedora_2008_2620_asterisk_fc7.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200804-13 (asterisk)
File : nvt/glsa_200804_13.nasl
2008-03-27Name : Debian Security Advisory DSA 1525-1 (asterisk)
File : nvt/deb_1525_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
43415Asterisk SIP Channel Driver Unauthenticated Call Remote Privilege Escalation

Nessus® Vulnerability Scanner

DateDescription
2008-05-07Name : It is possible to bypass authentication and make calls using the remote VoIP ...
File : asterisk_sip_auth_bypass.nasl - Type : ACT_ATTACK
2008-04-17Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-13.nasl - Type : ACT_GATHER_INFO
2008-04-17Name : The remote openSUSE host is missing a security update.
File : suse_asterisk-5169.nasl - Type : ACT_GATHER_INFO
2008-03-26Name : The remote Fedora host is missing a security update.
File : fedora_2008-2554.nasl - Type : ACT_GATHER_INFO
2008-03-26Name : The remote Fedora host is missing a security update.
File : fedora_2008-2620.nasl - Type : ACT_GATHER_INFO
2008-03-21Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1525.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/28310
BUGTRAQ http://www.securityfocus.com/archive/1/489818/100/0/threaded
CONFIRM http://downloads.digium.com/pub/security/AST-2008-003.html
http://www.asterisk.org/node/48466
DEBIAN http://www.debian.org/security/2008/dsa-1525
FEDORA https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
GENTOO http://security.gentoo.org/glsa/glsa-200804-13.xml
SECTRACK http://securitytracker.com/id?1019629
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
VUPEN http://www.vupen.com/english/advisories/2008/0928
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/41308

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2018-10-12 00:20:16
  • Multiple Updates
2017-08-08 09:23:57
  • Multiple Updates
2016-04-26 17:13:44
  • Multiple Updates
2014-02-17 10:44:15
  • Multiple Updates
2013-05-11 00:12:32
  • Multiple Updates