Remote SIP Channel Access in Asterisk Open Source Products
CVE-2008-1332

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk Appliance Developer Kit; Asterisknow; Open Source; Asterisk
Vendor: CVE Published:; 20 March 2008

Summary

A vulnerability in Asterisk versions allows remote attackers to exploit access through a manipulated From header, compromising the SIP channel driver. This can lead to unauthorized calls and exposure of the system's VoIP infrastructure. Affected versions include several from Open Source 1.2.x and 1.4.x families, as well as Business Editions and AsteriskNOW systems. Proper patching and security measures are critical to mitigate such risks.

References

http://lists.opensuse.org/opensuse-security-announce/2008...

vendor-advisoryx_refsource_SUSE

http://secunia.com/advisories/29782

third-party-advisoryx_refsource_SECUNIA

http://security.gentoo.org/glsa/glsa-200804-13.xml

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Mar 20, 2008
Vulnerability Reserved
Mar 13, 2008