8.8

CVE-2008-1332

Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Versiona Editionbusiness
AsteriskAsterisk Versionb.1.3.2 Editionbusiness
AsteriskAsterisk Versionb.1.3.3 Editionbusiness
AsteriskAsterisk Versionb.2.2.0 Editionbusiness
AsteriskAsterisk Versionb.2.2.1 Editionbusiness
AsteriskAsterisk Versionb.2.3.1 Editionbusiness
AsteriskAsterisk Versionb.2.3.2 Editionbusiness
AsteriskAsterisk Versionb.2.3.3 Editionbusiness
AsteriskAsterisk Versionb.2.3.4 Editionbusiness
AsteriskAsterisk Versionb.2.3.5 Editionbusiness
AsteriskAsterisk Versionb.2.3.6 Editionbusiness
AsteriskAsterisk Versionc.1.0_beta7 Editionbusiness
AsteriskAsterisk Versionc.1.0_beta8 Editionbusiness
AsteriskAsterisk Versionc.1.6 Editionbusiness
AsteriskAsterisk Versionc.1.6.1 Editionbusiness
AsteriskAsterisk Business Edition Version <= b.2.5.0
AsteriskAsterisk Business Edition Version <= c.1.6.1
AsteriskAsterisknow Version <= 1.0.1
AsteriskAsterisknow Version1.0
AsteriskOpen Source Version <= 1.2.26
AsteriskOpen Source Version <= 1.4.17
AsteriskOpen Source Updaterc-2 Version <= 1.4.19
AsteriskOpen Source Version1.0
AsteriskOpen Source Version1.0.0
AsteriskOpen Source Version1.0.1
AsteriskOpen Source Version1.0.2
AsteriskOpen Source Version1.0.3
AsteriskOpen Source Version1.0.3.4
AsteriskOpen Source Version1.0.4
AsteriskOpen Source Version1.0.5
AsteriskOpen Source Version1.0.6
AsteriskOpen Source Version1.0.7
AsteriskOpen Source Version1.0.8
AsteriskOpen Source Version1.0.9
AsteriskOpen Source Version1.0.11
AsteriskOpen Source Version1.0.11.1
AsteriskOpen Source Version1.0.12
AsteriskOpen Source Version1.2.0
AsteriskOpen Source Version1.2.0 Updatebeta1
AsteriskOpen Source Version1.2.0 Updatebeta2
AsteriskOpen Source Version1.2.0 Updaterc1
AsteriskOpen Source Version1.2.0beta2
AsteriskOpen Source Version1.2.1
AsteriskOpen Source Version1.2.2
AsteriskOpen Source Version1.2.3
AsteriskOpen Source Version1.2.4
AsteriskOpen Source Version1.2.5
AsteriskOpen Source Version1.2.6
AsteriskOpen Source Version1.2.7
AsteriskOpen Source Version1.2.7.1
AsteriskOpen Source Version1.2.8
AsteriskOpen Source Version1.2.9
AsteriskOpen Source Version1.2.9.1
AsteriskOpen Source Version1.2.10
AsteriskOpen Source Version1.2.11
AsteriskOpen Source Version1.2.12
AsteriskOpen Source Version1.2.12.1
AsteriskOpen Source Version1.2.13
AsteriskOpen Source Version1.2.14
AsteriskOpen Source Version1.2.15
AsteriskOpen Source Version1.2.16
AsteriskOpen Source Version1.2.17
AsteriskOpen Source Version1.2.18
AsteriskOpen Source Version1.2.19
AsteriskOpen Source Version1.2.20
AsteriskOpen Source Version1.2.21
AsteriskOpen Source Version1.2.21.1
AsteriskOpen Source Version1.2.22
AsteriskOpen Source Version1.2.23
AsteriskOpen Source Version1.2.24
AsteriskOpen Source Version1.2.25
AsteriskOpen Source Version1.2.26.1
AsteriskOpen Source Version1.2.26.2
AsteriskOpen Source Version1.4.0
AsteriskOpen Source Version1.4.0 Updatebeta2
AsteriskOpen Source Version1.4.0 Updatebeta3
AsteriskOpen Source Version1.4.0 Updatebeta4
AsteriskOpen Source Version1.4.1
AsteriskOpen Source Version1.4.10
AsteriskOpen Source Version1.4.10.1
AsteriskOpen Source Version1.4.11
AsteriskOpen Source Version1.4.12
AsteriskOpen Source Version1.4.12.1
AsteriskOpen Source Version1.4.13
AsteriskOpen Source Version1.4.14
AsteriskOpen Source Version1.4.15
AsteriskOpen Source Version1.4.16
AsteriskOpen Source Version1.4.16.1
AsteriskOpen Source Version1.4.16.2
AsteriskOpen Source Version1.4.18
AsteriskOpen Source Version1.4.19 Updaterc3
AsteriskS800i Version <= 1.1.0.1
AsteriskS800i Version1.0
AsteriskS800i Version1.0.1
AsteriskS800i Version1.0.2
AsteriskS800i Version1.0.3
AsteriskS800i Version1.0.3.3
AsteriskS800i Version1.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.33% 0.813
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 8.6 9.2
AV:N/AC:M/Au:N/C:C/I:C/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/29782
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200804-13.xml
http://secunia.com/advisories/29456
Vendor Advisory
http://www.debian.org/security/2008/dsa-1525
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
http://secunia.com/advisories/29957
Vendor Advisory
http://downloads.digium.com/pub/security/AST-2008-003.html
Patch
http://secunia.com/advisories/29426
Vendor Advisory
http://secunia.com/advisories/29470
Vendor Advisory
http://securitytracker.com/id?1019629
http://www.asterisk.org/node/48466
http://www.securityfocus.com/archive/1/489818/100/0/threaded
http://www.securityfocus.com/bid/28310
http://www.vupen.com/english/advisories/2008/0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/41308
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html