Launchpad.net

CVE 2008-1332

Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.

Related bugs and status

CVE-2008-1332 (Candidate) is related to these bugs:

Bug #210124: [asterisk] several vulnerabilities

		In	Importance	Status
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu)	Undecided	Fix Released
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Dapper)	Undecided	Won't Fix
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Edgy)	Undecided	Won't Fix
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Hardy)	Undecided	Fix Released
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Feisty)	Undecided	Won't Fix
210124	[asterisk] several vulnerabilities	asterisk (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://downloads.digiu...
CONFIRM: http://www.asterisk.or...
BID: 28310
SECTRACK: 1019629
SECUNIA: 29426
DEBIAN: DSA-1525
FEDORA: FEDORA-2008-2554
FEDORA: FEDORA-2008-2620
SECUNIA: 29456
SECUNIA: 29470
GENTOO: GLSA-200804-13
SECUNIA: 29782
SUSE: SUSE-SR:2008:010
SECUNIA: 29957
VUPEN: ADV-2008-0928
XF: asterisk-sip-security-...
BUGTRAQ: 20080318 AST-2008-003:...