Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3380
HistoryJun 05, 2008 - 12:00 a.m.

Asterisk SIP通道驱动远程拒绝服务漏洞

2008-06-0500:00:00
Root
www.seebug.org
10

0.013 Low

EPSS

Percentile

84.3%

JSON

CVE(CAN) ID: CVE-2008-2119

Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。

Asterisk在以pedantic模式处理SIP时,Asterisk将From头的值传送给了ast_uri_decode函数进行解码。由于没有检查From值是否为空,因此上述情况可能导致例程崩溃。

Asterisk Asterisk 1.2.x
Asterisk Asterisk 1.0.x
Asterisk Business Edition B.x.x
Asterisk Business Edition A.x.x
Asterisk

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://downloads.digium.com/pub/telephony/asterisk” target=“_blank”>http://downloads.digium.com/pub/telephony/asterisk</a>

Related

prion 1
ubuntucve 1
debiancve 1
securityvulns 2
cve 1
nessus 2
gentoo 1
openvas 2
prion
prion
Null pointer dereference
2008-06-04 19:32:00
ubuntucve
ubuntucve
CVE-2008-2119
2008-06-04 00:00:00
debiancve
debiancve
CVE-2008-2119
2008-06-04 19:32:00
securityvulns
securityvulns
AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
2008-06-05 00:00:00
Asterisk voice server DoS
2008-06-07 00:00:00
cve
cve
CVE-2008-2119
2008-06-04 19:32:00
nessus
nessus
openSUSE 10 Security Update : asterisk (asterisk-5524)
2008-08-15 00:00:00
GLSA-200905-01 : Asterisk: Multiple vulnerabilities
2009-05-04 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2009-05-02 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200905-01 (asterisk)
2009-05-05 00:00:00
Gentoo Security Advisory GLSA 200905-01 (asterisk)
2009-05-05 00:00:00

0.013 Low

EPSS

Percentile

84.3%

JSON
Related for SSV:3380
prion1ubuntucve1debiancve1securityvulns2cve1nessus2gentoo1openvas2