Denial of Service Vulnerability in Asterisk Addons by Digium
CVE-2008-2543

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk-addons
Vendor: CVE Published:; 5 June 2008

What is CVE-2008-2543?

The ooh323 channel driver in Asterisk Addons versions 1.2.x prior to 1.2.9 and 1.4.x prior to 1.4.7 exposes a TCP port meant for localhost communications, allowing attackers to send specially crafted TCP packets. These packets can manipulate memory addresses improperly, potentially leading to a denial of service by causing the daemon to crash.

References

http://downloads.digium.com/pub/security/AST-2008-009.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/29567

vdb-entryx_refsource_BID

http://securitytracker.com/id?1020202

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 5, 2008
Vulnerability Reserved
Jun 3, 2008