3 matches found
Asterisk IAX2 Multiple Method Handshake Spoofing DoS
The version of Asterisk running on the remote host does not properly validate an IAX2 handshake. By spoofing NEW and ACK messages, an unauthenticated, remote attacker may be able to leverage this issue to flood a third-party host with packets from the affected host containing audio data. C Tenabl...
Code injection
The IAX2 channel driver chaniax2 in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow...
CVE-2008-1923
The CVE-2008-1923 issue affects the IAX2 channel driver (chan_iax2) in Asterisk 1.2.x (before r72630) and 1.4.x (before r65679). When configured to allow unauthenticated calls, it sends early audio to an unverified source IP address of a NEW message, enabling remote attackers to trigger a denial ...