CVE Vulnerabilities

CVE-2008-0095

Published: Jan 08, 2008 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

Affected Software

Name Vendor Start Version End Version
Asterisk_appliance_developer_kit Asterisk * 1.4_revision_95945
Asterisk_business_edition Asterisk * c.1.0beta7
Asterisknow Asterisk * beta_6
Open_source Asterisk * 1.4.16
S800i Asterisk * 1.0.3.3
Asterisk Ubuntu devel *
Asterisk Ubuntu gutsy *
Asterisk Ubuntu hardy *
Asterisk Ubuntu intrepid *
Asterisk Ubuntu upstream *

References