11 matches found
CVE-2008-1897
The CVE-2008-1897 issue affects the IAX2 channel driver in Asterisk Open Source (various 1.0.x, 1.2.x before 1.2.28, 1.4.x before 1.4.19.1; AsteriskNOW; Business Editions; and s800i prior to listed versions). The vulnerability arises when unauthenticated calls are allowed and the ACK response doe...
CVE-2008-1332
CVE-2008-1332 affects Asterisk and several build variants (1.2.x up to 1.2.27; 1.4.x up to 1.4.18.1 and 1.4.19-rc3; AsteriskNOW, Business/Community editions, Appliance Kit, s800i) and allows remote attackers to access the SIP channel driver via a crafted From header, bypassing authentication. Con...
CVE-2007-6430
CVE-2007-6430 affects Asterisk Open Source 1.2.x (before 1.2.26), 1.4.x (before 1.4.16), and Business Edition B.x.x (before B.2.3.6) and C.x.x (before C.1.0-beta8). The issue is that when using realtime (database-based registrations) and host-based authentication, the system does not check the IP...
CVE-2009-0041
CVE-2009-0041 affects Asterisk Open Source (IAX2) across multiple branches (1.2.x, 1.4.x, 1.6.x and related Business Edition lines) and allows remote attackers to enumerate valid usernames by differing responses to login attempts. The Debian advisory (DSA-1952-1) lists CVE-2009-0041 among several...
CVE-2008-5558
CVE-2008-5558 affects Asterisk Open Source 1.2.26–1.2.30.3 and related Business Edition 2.3.5–2.5.5 when realtime IAX2 users are enabled. The vulnerability allows remote attackers to cause a denial of service (crash) during authentication attempts with an unknown user or with a hostname-matching ...
CVE-2008-1390
CVE-2008-1390 affects the AsteriskGUI HTTP server as used in Asterisk Open Source 1.4.x (before 1.4.19-rc3) and 1.6.x (before 1.6.0-beta6), plus various bundles. The vulnerability arises from generating insufficiently random manager ID values, which can allow remote attackers to hijack a manager ...
CVE-2008-3264
CVE-2008-3264 describes a DoS via the IAX2 FWDOWNL (firmware download) path in Asterisk and related packages. Affected: Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer...
CVE-2008-0095
Asterisk Open Source 1.4.x (and related editions) is affected by a remote DoS via a crafted BYE message containing an Also header, triggering a NULL pointer dereference and daemon crash. The vulnerable range includes 1.4.x before 1.4.17, with affected builds in Business Edition before C.1.0-beta8...
CVE-2008-2119
CVE-2008-2119 affects Asterisk Open Source 1.0.x and 1.2.x (pre-1.2.29) and Business Edition A.x.x/B.x.x (pre-B.2.5.3). In pedantic parsing, From header null/empty values are fed to ast_uri_decode, causing a remote DoS (daemon crash). OpenVAS/Gentoo advisories document this and recommend upgradin...
CVE-2008-1289
CVE-2008-1289 describes memory corruption in Asterisk via RTP payload handling and SDP processing. Specifically, multiple buffer overflows allow remote attackers to write arbitrary memory: (1) by sending a large RTP payload number to affect ast_rtp_unset_m_type in main/rtp.c, and (2) by a large v...
CVE-2008-1923
The CVE-2008-1923 issue affects the IAX2 channel driver (chan_iax2) in Asterisk 1.2.x (before r72630) and 1.4.x (before r65679). When configured to allow unauthenticated calls, it sends early audio to an unverified source IP address of a NEW message, enabling remote attackers to trigger a denial ...