4.3

CVE-2008-5558

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskAsterisk Business Edition Versionb.2.3.4
AsteriskAsterisk Business Edition Versionb.2.3.5
AsteriskAsterisk Business Edition Versionb.2.5.0
AsteriskAsterisk Business Edition Versionb.2.5.1
AsteriskAsterisk Business Edition Versionb.2.5.3
AsteriskOpen Source Version1.2.26
AsteriskOpen Source Version1.2.26 Updatenetsec
AsteriskOpen Source Version1.2.26.1
AsteriskOpen Source Version1.2.26.1 Updatenetsec
AsteriskOpen Source Version1.2.26.2
AsteriskOpen Source Version1.2.26.2 Updatenetsec
AsteriskOpen Source Version1.2.27
AsteriskOpen Source Version1.2.28
AsteriskOpen Source Version1.2.29
AsteriskOpen Source Version1.2.30
AsteriskOpen Source Version1.2.30.2
AsteriskOpen Source Version1.2.30.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.96% 0.777
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/34982
http://security.gentoo.org/glsa/glsa-200905-01.xml
http://downloads.digium.com/pub/security/AST-2008-012.html
http://osvdb.org/50675
http://secunia.com/advisories/32956
Vendor Advisory
http://securityreason.com/securityalert/4769
http://www.securityfocus.com/archive/1/499117/100/0/threaded
http://www.securityfocus.com/bid/32773
http://www.securitytracker.com/id?1021378
http://www.vupen.com/english/advisories/2008/3403