CVE-2008-0095: Null Pointer Dereference
First published: Tue Jan 08 2008(Updated: )
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Digium Asterisk Appliance Developer Kit | <=1.4_revision_95945 | |
| Asterisk Business Edition | <=c.1.0beta7 | |
| Digium AsteriskNOW | <=beta_6 | |
| Asterisk | <=1.4.16 | |
| Digium S800i | <=1.0.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.digium.com/view.php?id=11637
- http://downloads.digium.com/pub/security/AST-2008-001.html
- http://www.securityfocus.com/bid/27110
- http://www.securitytracker.com/id?1019152
- http://secunia.com/advisories/28312
- http://securityreason.com/securityalert/3520
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html
- http://secunia.com/advisories/28299
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html
- http://www.vupen.com/english/advisories/2008/0019
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39361
- http://www.securityfocus.com/archive/1/485727/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0095?
CVE-2008-0095 has a high severity level as it allows remote attackers to cause a denial of service by crashing the Asterisk daemon.
How do I fix CVE-2008-0095?
To fix CVE-2008-0095, upgrade to Asterisk versions 1.4.17 or later, Business Edition C.1.0-beta8 or later, or the respective versions for AsteriskNOW and the Appliance Developer Kit.
Which software versions are affected by CVE-2008-0095?
CVE-2008-0095 affects Asterisk Open Source versions below 1.4.17, Business Edition versions before C.1.0-beta8, and several other related software versions.
What type of vulnerability is CVE-2008-0095?
CVE-2008-0095 is a remote denial of service vulnerability that can result in the crashing of the Asterisk daemon.
Can CVE-2008-0095 be exploited remotely?
Yes, CVE-2008-0095 can be exploited remotely, allowing attackers to disrupt services.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/asterisk
- canonical/digium asterisk appliance developer kit
- version/digium asterisk appliance developer kit/1.4_revision_95945
- canonical/asterisk business edition
- version/asterisk business edition/c.1.0beta7
- canonical/digium asterisknow
- version/digium asterisknow/beta_6
- canonical/asterisk
- version/asterisk/1.4.16
- canonical/digium s800i
- version/digium s800i/1.0.3.3