Follow @discotekdotca
CVE-2008-2543
Current Description
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.
Basic Data
| Published | June 05, 2008 |
|---|---|
| Last Modified | October 15, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | CWE-399 |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | NONE |
| CVSS 2 - Availability Impact | PARTIAL |
| CVSS 2 - Base Score | 5.0 |
| Severity | MEDIUM |
| Exploitability Score | 10.0 |
| Impact Score | 2.9 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Asterisk Asterisk-addons 1.2.0 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.1 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.2 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.3 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.4 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.5 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.6 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.7 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.2.8 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.0 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.1 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.2 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.3 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.4 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.5 * * * * * * * � � � � 2.3 Application Asterisk Asterisk-addons 1.4.6 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk-addons | 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| http://downloads.digium.com/pub/security/AST-2008-009.html | http://downloads.digium.com/pub/security/AST-2008-009.html | CONFIRM | |
| 30555 | http://secunia.com/advisories/30555 | SECUNIA | |
| 1020202 | http://securitytracker.com/id?1020202 | SECTRACK | |
| 20080604 AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised | http://www.securityfocus.com/archive/1/493122/100/0/threaded | BUGTRAQ | |
| 20080604 AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver | http://www.securityfocus.com/archive/1/493144/100/0/threaded | BUGTRAQ | |
| 29567 | http://www.securityfocus.com/bid/29567 | BID | |
| ADV-2008-1747 | http://www.vupen.com/english/advisories/2008/1747/references | VUPEN | |
| asterisk-addons-ooh323-dos(42869) | https://exchange.xforce.ibmcloud.com/vulnerabilities/42869 | XF |