Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3074
HistoryMar 21, 2008 - 12:00 a.m.

Asterisk绕过呼叫认证漏洞

2008-03-2100:00:00
Root
www.seebug.org
33

0.024 Low

EPSS

Percentile

88.7%

JSON

BUGTRAQ ID: 28310
CVE(CAN) ID: CVE-2008-1332

Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。

Asterisk在处理呼叫选项时存在漏洞,远程攻击者可能利用此漏洞执行非授权操作。

远程攻击者可以通过SIP通道驱动使用无效的From头执行非授权呼叫,这种操作类似于SIP配置选项allowguest=yes,也就是带有特制From头的呼叫会发送给sip.conf的通用部分所指定环境中的PBX。

Asterisk Asterisk 1.4.x
Asterisk Asterisk 1.2.x
Asterisk Asterisk 1.0.x
Asterisk Business Edition C.x.x
Asterisk Business Edition B.x.x
Asterisk Business Edition A.x.x
Asterisk AsteriskNOW 1.0.x
Asterisk Appliance Developer Kit SVN
Asterisk s800i 1.0.x
Asterisk

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://downloads.digium.com/pub/telephony/asterisk” target=“_blank”>http://downloads.digium.com/pub/telephony/asterisk</a>
<a href=“http://www.asterisknow.org/” target=“_blank”>http://www.asterisknow.org/</a>

Related

cve 1
debiancve 1
cvelist 1
redhatcve 1
nessus 6
prion 1
securityvulns 2
ubuntucve 1
osv 1
openvas 8
fedora 2
debian 1
gentoo 1
cve
cve
CVE-2008-1332
2008-03-20 00:44:00
debiancve
debiancve
CVE-2008-1332
2008-03-20 00:44:00
cvelist
cvelist
CVE-2008-1332
2008-03-20 00:00:00
redhatcve
redhatcve
CVE-2008-1332
2019-10-04 21:57:53
nessus
nessus
Asterisk SIP Remote Authentication Bypass
2008-05-07 00:00:00
openSUSE 10 Security Update : asterisk (asterisk-5169)
2008-04-17 00:00:00
Fedora 7 : asterisk-1.4.18.1-1.fc7 (2008-2620)
2008-03-26 00:00:00
prion
prion
Code injection
2008-03-20 00:44:00
securityvulns
securityvulns
AST-2008-003: Unauthenticated calls allowed from SIP channel driver
2008-03-19 00:00:00
Asterisk multiple security vulnerabilities
2008-03-21 00:00:00
ubuntucve
ubuntucve
CVE-2008-1332
2008-03-20 00:00:00
osv
osv
asterisk
2008-03-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 1525-1 (asterisk)
2008-03-27 00:00:00
Gentoo Security Advisory GLSA 200804-13 (asterisk)
2008-09-24 00:00:00
Fedora Update for asterisk FEDORA-2008-2554
2009-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: asterisk-1.4.18.1-1.fc7
2008-03-21 22:15:10
[SECURITY] Fedora 8 Update: asterisk-1.4.18.1-1.fc8
2008-03-21 22:03:59
debian
debian
[SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities
2008-03-20 11:26:26
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2008-04-14 00:00:00

0.024 Low

EPSS

Percentile

88.7%

JSON
Related for SSV:3074
cve1debiancve1cvelist1redhatcve1nessus6prion1securityvulns2ubuntucve1osv1openvas8fedora2debian1gentoo1