22 vulnerabilities found for asterisk_business_edition by asterisk
CVE-2009-0041 (GCVE-0-2009-0041)
Vulnerability from nvd – Published: 2009-01-14 23:00 – Updated: 2024-08-07 04:17
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.securityfocus.com/archive/1/499884/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/33453 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/4910 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/33174 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/37677 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2009/dsa-1952 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securitytracker.com/id?1021549 | vdb-entry, x_refsource_SECTRACK |
| http://downloads.digium.com/pub/security/AST-2009-001.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/0063 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2009-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021549"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0041",
"datePublished": "2009-01-14T23:00:00.000Z",
"dateReserved": "2009-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:17:10.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5558 (GCVE-0-2008-5558)
Vulnerability from nvd – Published: 2008-12-17 17:00 – Updated: 2024-08-07 10:56
Summary
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/32773 | vdb-entry, x_refsource_BID |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/32956 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/50675 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/4769 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/499117/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://downloads.digium.com/pub/security/AST-2008-012.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/3403 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securitytracker.com/id?1021378 | vdb-entry, x_refsource_SECTRACK |
Date Public
2008-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"refsource": "OSVDB",
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5558",
"datePublished": "2008-12-17T17:00:00.000Z",
"dateReserved": "2008-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:47.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3264 (GCVE-0-2008-3264)
Vulnerability from nvd – Published: 2008-07-24 15:18 – Updated: 2024-08-07 09:28
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020536 | vdb-entry, x_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/31194 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2168/references | vdb-entry, x_refsource_VUPEN |
| http://downloads.digium.com/pub/security/AST-2008-011.html | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html | vendor-advisory, x_refsource_FEDORA |
| http://secunia.com/advisories/31178 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43955 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/30350 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/494676/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3264",
"datePublished": "2008-07-24T15:18:00.000Z",
"dateReserved": "2008-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2119 (GCVE-0-2008-2119)
Vulnerability from nvd – Published: 2008-06-04 19:17 – Updated: 2024-08-07 08:49
Summary
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/30517 | third-party-advisory, x_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5749 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42823 | vdb-entry, x_refsource_XF |
| http://bugs.digium.com/view.php?id=12607 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1020166 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/493020/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2008/1731 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
| http://svn.digium.com/view/asterisk?view=rev&revision=120109 | x_refsource_CONFIRM |
| http://downloads.digium.com/pub/security/AST-2008-008.html | x_refsource_CONFIRM |
Date Public
2008-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"name": "http://bugs.digium.com/view.php?id=12607",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109",
"refsource": "CONFIRM",
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2119",
"datePublished": "2008-06-04T19:17:00.000Z",
"dateReserved": "2008-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:58.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1923 (GCVE-0-2008-1923)
Vulnerability from nvd – Published: 2008-04-23 16:00 – Updated: 2024-08-07 08:41
Summary
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42049 | vdb-entry, x_refsource_XF |
| http://downloads.digium.com/pub/security/AST-2008-006.html | x_refsource_CONFIRM |
| http://bugs.digium.com/view.php?id=10078 | x_refsource_CONFIRM |
| http://www.altsci.com/concepts/page.php?s=asteri&p=1 | x_refsource_MISC |
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-new-dos(42049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"name": "http://bugs.digium.com/view.php?id=10078",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1",
"refsource": "MISC",
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1923",
"datePublished": "2008-04-23T16:00:00.000Z",
"dateReserved": "2008-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1897 (GCVE-0-2008-1897)
Vulnerability from nvd – Published: 2008-04-23 00:00 – Updated: 2024-08-07 08:40
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"tags": [
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server\u0027s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T02:02:11.362Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1897",
"datePublished": "2008-04-23T00:00:00.000Z",
"dateReserved": "2008-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1289 (GCVE-0-2008-1289)
Vulnerability from nvd – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
Summary
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3763"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200803-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1289",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1390 (GCVE-0-2008-1390)
Vulnerability from nvd – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3764 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/28316 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/489819/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/29449 | third-party-advisory, x_refsource_SECUNIA |
| http://downloads.digium.com/pub/security/AST-2008-005.html | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | vendor-advisory, x_refsource_FEDORA |
| http://www.securitytracker.com/id?1019679 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html | vendor-advisory, x_refsource_FEDORA |
| http://secunia.com/advisories/29470 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3764",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29449"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1390",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1332 (GCVE-0-2008-1332)
Vulnerability from nvd – Published: 2008-03-20 00:00 – Updated: 2024-08-07 08:17
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1332",
"datePublished": "2008-03-20T00:00:00.000Z",
"dateReserved": "2008-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0095 (GCVE-0-2008-0095)
Vulnerability from nvd – Published: 2008-01-08 02:00 – Updated: 2024-08-07 07:32
Summary
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27110 | vdb-entry, x_refsource_BID |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2008/0019 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485727/100… | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/3520 | third-party-advisory, x_refsource_SREASON |
| http://bugs.digium.com/view.php?id=11637 | x_refsource_MISC |
| http://secunia.com/advisories/28312 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019152 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| http://secunia.com/advisories/28299 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3520"
},
{
"name": "http://bugs.digium.com/view.php?id=11637",
"refsource": "MISC",
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0095",
"datePublished": "2008-01-08T02:00:00.000Z",
"dateReserved": "2008-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6430 (GCVE-0-2007-6430)
Vulnerability from nvd – Published: 2007-12-20 02:00 – Updated: 2024-08-07 16:02
Summary
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2007-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28149"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2007-4260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4260"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "3467",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3467"
},
{
"name": "39519",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/39519"
},
{
"name": "1019110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019110"
},
{
"name": "asterisk-registration-security-bypass(39124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "26928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28149"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2007-4260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4260"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "3467",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3467"
},
{
"name": "39519",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/39519"
},
{
"name": "1019110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019110"
},
{
"name": "asterisk-registration-security-bypass(39124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "26928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-027.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28149"
},
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2007-4260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4260"
},
{
"name": "DSA-1525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "3467",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3467"
},
{
"name": "39519",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39519"
},
{
"name": "1019110",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019110"
},
{
"name": "asterisk-registration-security-bypass(39124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124"
},
{
"name": "29456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29456"
},
{
"name": "26928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26928"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2007-027.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2007-027.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6430",
"datePublished": "2007-12-20T02:00:00.000Z",
"dateReserved": "2007-12-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0041 (GCVE-0-2009-0041)
Vulnerability from cvelistv5 – Published: 2009-01-14 23:00 – Updated: 2024-08-07 04:17
Summary
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.securityfocus.com/archive/1/499884/100… | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/33453 | third-party-advisory, x_refsource_SECUNIA |
| http://securityreason.com/securityalert/4910 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/33174 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/37677 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2009/dsa-1952 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securitytracker.com/id?1021549 | vdb-entry, x_refsource_SECTRACK |
| http://downloads.digium.com/pub/security/AST-2009… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/0063 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2009-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "20090108 AST-2009-001: Information leak in IAX2 authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499884/100/0/threaded"
},
{
"name": "33453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33453"
},
{
"name": "4910",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4910"
},
{
"name": "33174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33174"
},
{
"name": "37677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37677"
},
{
"name": "DSA-1952",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1952"
},
{
"name": "1021549",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021549"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2009-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2009-001.html"
},
{
"name": "ADV-2009-0063",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0063"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0041",
"datePublished": "2009-01-14T23:00:00.000Z",
"dateReserved": "2009-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:17:10.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5558 (GCVE-0-2008-5558)
Vulnerability from cvelistv5 – Published: 2008-12-17 17:00 – Updated: 2024-08-07 10:56
Summary
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/32773 | vdb-entry, x_refsource_BID |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/32956 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/50675 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/4769 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/archive/1/499117/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://downloads.digium.com/pub/security/AST-2008-012.html | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/3403 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securitytracker.com/id?1021378 | vdb-entry, x_refsource_SECTRACK |
Date Public
2008-12-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:47.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021378"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32773"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "32956",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32956"
},
{
"name": "50675",
"refsource": "OSVDB",
"url": "http://osvdb.org/50675"
},
{
"name": "4769",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4769"
},
{
"name": "20081210 AST-2008-012: Remote crash vulnerability in IAX2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499117/100/0/threaded"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-012.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-012.html"
},
{
"name": "ADV-2008-3403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3403"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1021378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021378"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5558",
"datePublished": "2008-12-17T17:00:00.000Z",
"dateReserved": "2008-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:56:47.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3264 (GCVE-0-2008-3264)
Vulnerability from cvelistv5 – Published: 2008-07-24 15:18 – Updated: 2024-08-07 09:28
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020536 | vdb-entry, x_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/31194 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2168/references | vdb-entry, x_refsource_VUPEN |
| http://downloads.digium.com/pub/security/AST-2008-011.html | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html | vendor-advisory, x_refsource_FEDORA |
| http://secunia.com/advisories/31178 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43955 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/30350 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/494676/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3264",
"datePublished": "2008-07-24T15:18:00.000Z",
"dateReserved": "2008-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2119 (GCVE-0-2008-2119)
Vulnerability from cvelistv5 – Published: 2008-06-04 19:17 – Updated: 2024-08-07 08:49
Summary
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/30517 | third-party-advisory, x_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5749 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42823 | vdb-entry, x_refsource_XF |
| http://bugs.digium.com/view.php?id=12607 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1020166 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/493020/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2008/1731 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/34982 | third-party-advisory, x_refsource_SECUNIA |
| http://svn.digium.com/view/asterisk?view=rev&revision=120109 | x_refsource_CONFIRM |
| http://downloads.digium.com/pub/security/AST-2008-008.html | x_refsource_CONFIRM |
Date Public
2008-06-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "30517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30517"
},
{
"name": "5749",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5749"
},
{
"name": "asterisk-asturidecode-dos(42823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42823"
},
{
"name": "http://bugs.digium.com/view.php?id=12607",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=12607"
},
{
"name": "1020166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020166"
},
{
"name": "20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493020/100/0/threaded"
},
{
"name": "ADV-2008-1731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1731"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
},
{
"name": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109",
"refsource": "CONFIRM",
"url": "http://svn.digium.com/view/asterisk?view=rev\u0026revision=120109"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-008.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2119",
"datePublished": "2008-06-04T19:17:00.000Z",
"dateReserved": "2008-05-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:49:58.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1923 (GCVE-0-2008-1923)
Vulnerability from cvelistv5 – Published: 2008-04-23 16:00 – Updated: 2024-08-07 08:41
Summary
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42049 | vdb-entry, x_refsource_XF |
| http://downloads.digium.com/pub/security/AST-2008-006.html | x_refsource_CONFIRM |
| http://bugs.digium.com/view.php?id=10078 | x_refsource_CONFIRM |
| http://www.altsci.com/concepts/page.php?s=asteri&p=1 | x_refsource_MISC |
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-new-dos(42049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"name": "http://bugs.digium.com/view.php?id=10078",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1",
"refsource": "MISC",
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1923",
"datePublished": "2008-04-23T16:00:00.000Z",
"dateReserved": "2008-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1897 (GCVE-0-2008-1897)
Vulnerability from cvelistv5 – Published: 2008-04-23 00:00 – Updated: 2024-08-07 08:40
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"tags": [
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server\u0027s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T02:02:11.362Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1897",
"datePublished": "2008-04-23T00:00:00.000Z",
"dateReserved": "2008-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1289 (GCVE-0-2008-1289)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
Summary
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3763"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200803-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1289",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1390 (GCVE-0-2008-1390)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3764 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/28316 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/489819/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/29449 | third-party-advisory, x_refsource_SECUNIA |
| http://downloads.digium.com/pub/security/AST-2008-005.html | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html | vendor-advisory, x_refsource_FEDORA |
| http://www.securitytracker.com/id?1019679 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html | vendor-advisory, x_refsource_FEDORA |
| http://secunia.com/advisories/29470 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3764",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29449"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1390",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1332 (GCVE-0-2008-1332)
Vulnerability from cvelistv5 – Published: 2008-03-20 00:00 – Updated: 2024-08-07 08:17
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1332",
"datePublished": "2008-03-20T00:00:00.000Z",
"dateReserved": "2008-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0095 (GCVE-0-2008-0095)
Vulnerability from cvelistv5 – Published: 2008-01-08 02:00 – Updated: 2024-08-07 07:32
Summary
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27110 | vdb-entry, x_refsource_BID |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2008/0019 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485727/100… | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry, x_refsource_XF |
| http://securityreason.com/securityalert/3520 | third-party-advisory, x_refsource_SREASON |
| http://bugs.digium.com/view.php?id=11637 | x_refsource_MISC |
| http://secunia.com/advisories/28312 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019152 | vdb-entry, x_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisory, x_refsource_FEDORA |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| http://secunia.com/advisories/28299 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2008-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3520"
},
{
"name": "http://bugs.digium.com/view.php?id=11637",
"refsource": "MISC",
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0095",
"datePublished": "2008-01-08T02:00:00.000Z",
"dateReserved": "2008-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6430 (GCVE-0-2007-6430)
Vulnerability from cvelistv5 – Published: 2007-12-20 02:00 – Updated: 2024-08-07 16:02
Summary
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2007-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28149"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2007-4260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4260"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "3467",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3467"
},
{
"name": "39519",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/39519"
},
{
"name": "1019110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019110"
},
{
"name": "asterisk-registration-security-bypass(39124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "26928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28149",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28149"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2007-4260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4260"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "3467",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3467"
},
{
"name": "39519",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/39519"
},
{
"name": "1019110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019110"
},
{
"name": "asterisk-registration-security-bypass(39124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "26928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2007-027.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28149"
},
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485287/100/0/threaded"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2007-4260",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4260"
},
{
"name": "DSA-1525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "3467",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3467"
},
{
"name": "39519",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39519"
},
{
"name": "1019110",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019110"
},
{
"name": "asterisk-registration-security-bypass(39124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39124"
},
{
"name": "29456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29456"
},
{
"name": "26928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26928"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2007-027.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2007-027.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6430",
"datePublished": "2007-12-20T02:00:00.000Z",
"dateReserved": "2007-12-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}