Digium Asterisk Multiple Products IAX2 Handshake Denial of Service (CVE-2008-1897)

There exists a denial of service vulnerability in multiple Digium Asterisk products. The vulnerability is due to insufficient verification of ACK responses during IAX2 handshakes by the IAX2 protocol. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to...

CVE-2008-1897

The IAX2 channel driver chaniax2 in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow...

Null pointer dereference

The tcpsacktagwritequeue function in net/ipv4/tcpinput.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service crash via crafted ACK responses that trigger a NULL pointer dereference...

CVE-2007-5501

The tcpsacktagwritequeue function in net/ipv4/tcpinput.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service crash via crafted ACK responses that trigger a NULL pointer dereference...