7.8

CVE-2008-3263

Exploit
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Version0.1.0
AsteriskAsterisk Version0.1.1
AsteriskAsterisk Version0.1.2
AsteriskAsterisk Version0.1.3
AsteriskAsterisk Version0.1.4
AsteriskAsterisk Version0.1.5
AsteriskAsterisk Version0.1.6
AsteriskAsterisk Version0.1.7
AsteriskAsterisk Version0.1.8
AsteriskAsterisk Version0.1.9
AsteriskAsterisk Version0.1.9_1
AsteriskAsterisk Version0.1.10
AsteriskAsterisk Version0.1.11
AsteriskAsterisk Version0.1.12
AsteriskAsterisk Version0.2
AsteriskAsterisk Version0.3
AsteriskAsterisk Version0.4
AsteriskAsterisk Version0.5.0
AsteriskAsterisk Version0.7.0
AsteriskAsterisk Version0.7.1
AsteriskAsterisk Version0.7.2
AsteriskAsterisk Version0.9.0
AsteriskAsterisk Version1.0
AsteriskAsterisk Version1.0 Updaterc1
AsteriskAsterisk Version1.0.1
AsteriskAsterisk Version1.0.2
AsteriskAsterisk Version1.0.3
AsteriskAsterisk Version1.0.4
AsteriskAsterisk Version1.0.5
AsteriskAsterisk Version1.0.6
AsteriskAsterisk Version1.0.7
AsteriskAsterisk Version1.0.8
AsteriskAsterisk Version1.0.9
AsteriskAsterisk Version1.0.10
AsteriskAsterisk Version1.0.11
AsteriskAsterisk Version1.0.11.1
AsteriskAsterisk Version1.0.12
AsteriskAsterisk Version1.2.0_beta1
AsteriskAsterisk Version1.2.0_beta2
AsteriskAsterisk Version1.2.1
AsteriskAsterisk Version1.2.2
AsteriskAsterisk Version1.2.3
AsteriskAsterisk Version1.2.4
AsteriskAsterisk Version1.2.5
AsteriskAsterisk Version1.2.6
AsteriskAsterisk Version1.2.7
AsteriskAsterisk Version1.2.7.1
AsteriskAsterisk Version1.2.8
AsteriskAsterisk Version1.2.9
AsteriskAsterisk Version1.2.9.1
AsteriskAsterisk Version1.2.10
AsteriskAsterisk Version1.2.11
AsteriskAsterisk Version1.2.12
AsteriskAsterisk Version1.2.13
AsteriskAsterisk Version1.2.14
AsteriskAsterisk Version1.2.15
AsteriskAsterisk Version1.2.16
AsteriskAsterisk Version1.2.17
AsteriskAsterisk Version1.2.18
AsteriskAsterisk Version1.2.19
AsteriskAsterisk Version1.2.20
AsteriskAsterisk Version1.2.21
AsteriskAsterisk Version1.2.22
AsteriskAsterisk Version1.2.23
AsteriskAsterisk Version1.2.24
AsteriskAsterisk Version1.2.25
AsteriskAsterisk Version1.2.26
AsteriskAsterisk Version1.2.26.1
AsteriskAsterisk Version1.2.26.2
AsteriskAsterisk Version1.2.27
AsteriskAsterisk Version1.2.28
AsteriskAsterisk Version1.2.28.1
AsteriskAsterisk Version1.2.29
AsteriskAsterisk Version1.2.30
AsteriskAsterisk Version1.4.1
AsteriskAsterisk Version1.4.2
AsteriskAsterisk Version1.4.3
AsteriskAsterisk Version1.4.4
AsteriskAsterisk Version1.4.4_2007-04-27
AsteriskAsterisk Version1.4.5
AsteriskAsterisk Version1.4.6
AsteriskAsterisk Version1.4.7
AsteriskAsterisk Version1.4.8
AsteriskAsterisk Version1.4.9
AsteriskAsterisk Version1.4.10
AsteriskAsterisk Version1.4.11
AsteriskAsterisk Version1.4.12
AsteriskAsterisk Version1.4.13
AsteriskAsterisk Version1.4.14
AsteriskAsterisk Version1.4.15
AsteriskAsterisk Version1.4.16
AsteriskAsterisk Version1.4.16.1
AsteriskAsterisk Version1.4.16.2
AsteriskAsterisk Version1.4.17
AsteriskAsterisk Version1.4.18
AsteriskAsterisk Version1.4.18.1
AsteriskAsterisk Version1.4.19
AsteriskAsterisk Version1.4_beta
AsteriskAsterisk Version1.4_revision_95946
AsteriskAsterisk Version1.6
AsteriskAsterisk Versiona
AsteriskAsterisk Versiona Editionbusiness
AsteriskAsterisk Versionb.1.3.2
AsteriskAsterisk Versionb.1.3.2 Editionbusiness
AsteriskAsterisk Versionb.1.3.3
AsteriskAsterisk Versionb.1.3.3 Editionbusiness
AsteriskAsterisk Versionb.2.2.0
AsteriskAsterisk Versionb.2.2.0 Editionbusiness
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 28% 0.979
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/34982
http://security.gentoo.org/glsa/glsa-200905-01.xml
http://downloads.digium.com/pub/security/AST-2008-010.html
http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl
Exploit
http://secunia.com/advisories/31178
http://secunia.com/advisories/31194
http://www.securityfocus.com/archive/1/494675/100/0/threaded
http://www.securityfocus.com/bid/30321
Exploit
http://www.securitytracker.com/id?1020535
http://www.vupen.com/english/advisories/2008/2168/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43942
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html