Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-5558

Published: 17/12/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Asterisk

Vulnerability Summary

Asterisk Open Source 1.2.26 up to and including 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote malicious users to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

Vulnerable Product Search on Vulmon Subscribe to Product

asterisk open source 1.2.26.2

asterisk open source 1.2.30.3

asterisk asterisk business edition b.2.5.0

asterisk open source 1.2.26

asterisk open source 1.2.27

asterisk asterisk business edition b.2.5.1

asterisk asterisk business edition b.2.5.3

asterisk asterisk business edition b.2.3.5

asterisk open source 1.2.28

asterisk open source 1.2.29

asterisk asterisk business edition b.2.3.4

asterisk open source 1.2.26.1

asterisk open source 1.2.30

asterisk open source 1.2.30.2

Vendor Advisories

Debian CVElist Bug Report Logs: [CVE-2008-5558] remote crash of asterisk with realtime IAX2 users/peers
Debian Bug report logs - #509686 [CVE-2008-5558] remote crash of asterisk with realtime IAX2 users/peers Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Tzafrir Cohen <tzafrircohen@xorcom ...

References

CWE-287http://downloads.digium.com/pub/security/AST-2008-012.htmlhttp://osvdb.org/50675http://secunia.com/advisories/32956http://www.securitytracker.com/id?1021378http://www.securityfocus.com/bid/32773http://securityreason.com/securityalert/4769http://secunia.com/advisories/34982http://security.gentoo.org/glsa/glsa-200905-01.xmlhttp://www.vupen.com/english/advisories/2008/3403http://www.securityfocus.com/archive/1/499117/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook