First published: Thu Mar 20 2008(Updated: )
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Asterisk | =a | |
Asterisk | =b.1.3.2 | |
Asterisk | =b.1.3.3 | |
Asterisk | =b.2.2.0 | |
Asterisk | =b.2.2.1 | |
Asterisk | =b.2.3.1 | |
Asterisk | =b.2.3.2 | |
Asterisk | =b.2.3.3 | |
Asterisk | =b.2.3.4 | |
Asterisk | =b.2.3.5 | |
Asterisk | =b.2.3.6 | |
Asterisk | =c.1.0_beta7 | |
Asterisk | =c.1.0_beta8 | |
Asterisk | =c.1.6 | |
Asterisk | =c.1.6.1 | |
Digium Asterisk Appliance Developer Kit | <=1.4 | |
Digium Asterisk Appliance Developer Kit | =0.2 | |
Digium Asterisk Appliance Developer Kit | =0.3 | |
Digium Asterisk Appliance Developer Kit | =0.4 | |
Digium Asterisk Appliance Developer Kit | =0.5 | |
Digium Asterisk Appliance Developer Kit | =0.6 | |
Digium Asterisk Appliance Developer Kit | =0.6.0 | |
Digium Asterisk Appliance Developer Kit | =0.7 | |
Digium Asterisk Appliance Developer Kit | =0.8 | |
Digium Asterisk Appliance Developer Kit | =1.3 | |
Asterisk Business Edition | <=a | |
Asterisk Business Edition | <=b.2.5.0 | |
Asterisk Business Edition | <=c.1.6.1 | |
Digium AsteriskNOW | <=1.0.1 | |
Digium AsteriskNOW | =1.0 | |
Asterisk | <=1.2.26 | |
Asterisk | <=1.4.17 | |
Asterisk | <=1.4.19 | |
Asterisk | =1.0 | |
Asterisk | =1.0.0 | |
Asterisk | =1.0.1 | |
Asterisk | =1.0.2 | |
Asterisk | =1.0.3 | |
Asterisk | =1.0.3.4 | |
Asterisk | =1.0.4 | |
Asterisk | =1.0.5 | |
Asterisk | =1.0.6 | |
Asterisk | =1.0.7 | |
Asterisk | =1.0.8 | |
Asterisk | =1.0.9 | |
Asterisk | =1.0.11 | |
Asterisk | =1.0.11.1 | |
Asterisk | =1.0.12 | |
Asterisk | =1.2.0 | |
Asterisk | =1.2.0-beta1 | |
Asterisk | =1.2.0-beta2 | |
Asterisk | =1.2.0-rc1 | |
Asterisk | =1.2.0beta2 | |
Asterisk | =1.2.1 | |
Asterisk | =1.2.2 | |
Asterisk | =1.2.3 | |
Asterisk | =1.2.4 | |
Asterisk | =1.2.5 | |
Asterisk | =1.2.6 | |
Asterisk | =1.2.7 | |
Asterisk | =1.2.7.1 | |
Asterisk | =1.2.8 | |
Asterisk | =1.2.9 | |
Asterisk | =1.2.9.1 | |
Asterisk | =1.2.10 | |
Asterisk | =1.2.11 | |
Asterisk | =1.2.12 | |
Asterisk | =1.2.12.1 | |
Asterisk | =1.2.13 | |
Asterisk | =1.2.14 | |
Asterisk | =1.2.15 | |
Asterisk | =1.2.16 | |
Asterisk | =1.2.17 | |
Asterisk | =1.2.18 | |
Asterisk | =1.2.19 | |
Asterisk | =1.2.20 | |
Asterisk | =1.2.21 | |
Asterisk | =1.2.21.1 | |
Asterisk | =1.2.22 | |
Asterisk | =1.2.23 | |
Asterisk | =1.2.24 | |
Asterisk | =1.2.25 | |
Asterisk | =1.2.26.1 | |
Asterisk | =1.2.26.2 | |
Asterisk | =1.4.0 | |
Asterisk | =1.4.0-beta2 | |
Asterisk | =1.4.0-beta3 | |
Asterisk | =1.4.0-beta4 | |
Asterisk | =1.4.1 | |
Asterisk | =1.4.10 | |
Asterisk | =1.4.10.1 | |
Asterisk | =1.4.11 | |
Asterisk | =1.4.12 | |
Asterisk | =1.4.12.1 | |
Asterisk | =1.4.13 | |
Asterisk | =1.4.14 | |
Asterisk | =1.4.15 | |
Asterisk | =1.4.16 | |
Asterisk | =1.4.16.1 | |
Asterisk | =1.4.16.2 | |
Asterisk | =1.4.18 | |
Asterisk | =1.4.19-rc3 | |
Digium S800i | <=1.1.0.1 | |
Digium S800i | =1.0 | |
Digium S800i | =1.0.1 | |
Digium S800i | =1.0.2 | |
Digium S800i | =1.0.3 | |
Digium S800i | =1.0.3.3 | |
Digium S800i | =1.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-1332 is classified as a moderate severity vulnerability that could allow unauthorized access.
To fix CVE-2008-1332, upgrade Asterisk to versions 1.2.27 or 1.4.18.1 and above.
CVE-2008-1332 affects Asterisk Open Source versions before 1.2.27 and 1.4.18.1, among others.
Yes, CVE-2008-1332 may allow remote exploitation if the affected software is reachable over the network.
The implications of CVE-2008-1332 include potential unauthorized access and possible manipulation of voice communication.