Credit:
The information has been provided by Robert Buchholz.
The original article can be found at: http://security.gentoo.org/glsa/glsa-200905-01.xml
Vulnerable Systems:
* Asterisk versions prior to 1.2.32
Immune Systems:
* Asterisk version 1.2.32 and newer
Multiple vulnerabilities have been discovered in the IAX2 channel driver: when performing the 3-way handshake (CVE-2008-1897), when handling a large number of POKE requests (CVE-2008-3263), when handling authentication attempts (CVE-2008-5558) and when handling firmware download (FWDOWNL) requests (CVE-2008-3264). Asterisk also does not correctly handle SIP INVITE messages that lack a "From" header (CVE-2008-2119), and it responds differently to a failed login attempt depending on whether the user account exists (CVE-2008-3903, CVE-2009-0041).
CVE Information:
CVE-2008-1897
CVE-2008-3263
CVE-2008-5558
CVE-2008-3264
CVE-2008-2119
CVE-2008-3903
CVE-2009-0041