Showing 1 - 3 of 3

CVE-2008-1897

Status Candidate

Overview

The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.

Related Files

Gentoo Linux Security Advisory 200905-1: Posted May 3, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200905-01 - Multiple vulnerabilities have been found in Asterisk allowing for Denial of Service and username disclosure.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2008-1897, CVE-2008-2119, CVE-2008-3263, CVE-2008-3264, CVE-2008-3903, CVE-2008-5558, CVE-2009-0041; SHA-256 | 8a221aac12797d099e480341a469baefe427ff3bc8ee0f6cb9b7b14595721e9d; Download | Favorite | View

Debian Linux Security Advisory 1563-1: Posted May 1, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1563-1 - Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.; tags | advisory, denial of service, protocol; systems | linux, debian; advisories | CVE-2008-1897; SHA-256 | 97d037ca7b365b1c1889ff90e00b690dfb8d67d9335ff98918757842a39e8032; Download | Favorite | View

AST-2008-006.txt: Posted Apr 23, 2008; Authored by Javantea | Site asterisk.org; Asterisk Project Security Advisory - Javantea found multiple security issues in IAX2 including an incomplete 3-way handshake.; tags | advisory; advisories | CVE-2008-1897; SHA-256 | add784c1721895efd2acb383b937c9caa5e879556f5ec5e543e6590f319908a8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 304 files
indoushka 142 files
Ubuntu 100 files
Gentoo 32 files
Debian 24 files
LiquidWorm 17 files
Apple 11 files
Google Security Research 8 files
malvuln 8 files
Michael Baer 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,608)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,085)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,928)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2008-1897

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems