CVE-2008-1390
First published: Mon Mar 24 2008(Updated: )
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk Asterisk | =1.4.12 | |
| Asterisk Asterisk | =1.4.13 | |
| Asterisk Asterisk Appliance Developer Kit | =0.3 | |
| Asterisk Asterisk Appliance Developer Kit | =0.6 | |
| Asterisk Asterisk | =1.4.18.1 | |
| Asterisk S800i | =1.0 | |
| Asterisk Asterisknow | =beta_7 | |
| Asterisk S800i | =1.0.2 | |
| Asterisk Asterisk | =1.6 | |
| Asterisk Asterisk | =1.4.11 | |
| Asterisk Asterisk | =1.4_revision_95946 | |
| Asterisk Asterisknow | =beta_6 | |
| Asterisk Asterisknow | =beta_5 | |
| Asterisk Asterisk | =1.4.3 | |
| Asterisk Asterisk | =1.4_beta | |
| Asterisk Asterisk Business Edition | =c.1.0-beta8 | |
| Asterisk Asterisk | =1.4.14 | |
| Asterisk S800i | =1.1.0 | |
| Asterisk Asterisk | =1.4.5 | |
| Asterisk Asterisk | =1.4.9 | |
| Asterisk Asterisk | =1.4.6 | |
| Asterisk Asterisk | =1.4.17 | |
| Asterisk Asterisk | =1.4.8 | |
| Asterisk Asterisk Appliance Developer Kit | =0.7 | |
| Asterisk Asterisk | =1.4.4 | |
| Asterisk Asterisk Appliance Developer Kit | =0.4 | |
| Asterisk Asterisk | =1.4.2 | |
| Asterisk S800i | =1.0.3 | |
| Asterisk Asterisk | =1.4.16 | |
| Asterisk Asterisk | =1.4.15 | |
| Asterisk Asterisk Appliance Developer Kit | =1.4 | |
| Asterisk S800i | =1.0.1 | |
| Asterisk Asterisk | =1.4.10 | |
| Asterisk Asterisk | =1.4.7 | |
| Asterisk Asterisk Appliance Developer Kit | =0.8 | |
| Asterisk Asterisk Appliance Developer Kit | =0.5 | |
| Asterisk Asterisk | =1.4.1 | |
| Asterisk Asterisk Appliance Developer Kit | =0.2 | |
| Asterisk Asterisk Business Edition | =c.1.0-beta7 | |
| Asterisk Asterisknow | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://downloads.digium.com/pub/security/AST-2008-005.html
- http://www.securityfocus.com/bid/28316
- http://secunia.com/advisories/29449
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
- http://www.securitytracker.com/id?1019679
- http://secunia.com/advisories/29470
- http://securityreason.com/securityalert/3764
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
- http://www.securityfocus.com/archive/1/489819/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/asterisk
- canonical/asterisk asterisk
- version/asterisk asterisk/1.4.12
- version/asterisk asterisk/1.4.13
- canonical/asterisk asterisk appliance developer kit
- version/asterisk asterisk appliance developer kit/0.3
- version/asterisk asterisk appliance developer kit/0.6
- version/asterisk asterisk/1.4.18.1
- canonical/asterisk s800i
- version/asterisk s800i/1.0
- canonical/asterisk asterisknow
- version/asterisk asterisknow/beta_7
- version/asterisk s800i/1.0.2
- version/asterisk asterisk/1.6
- version/asterisk asterisk/1.4.11
- version/asterisk asterisk/1.4_revision_95946
- version/asterisk asterisknow/beta_6
- version/asterisk asterisknow/beta_5
- version/asterisk asterisk/1.4.3
- version/asterisk asterisk/1.4_beta
- canonical/asterisk asterisk business edition
- version/asterisk asterisk business edition/c.1.0-beta8
- version/asterisk asterisk/1.4.14
- version/asterisk s800i/1.1.0
- version/asterisk asterisk/1.4.5
- version/asterisk asterisk/1.4.9
- version/asterisk asterisk/1.4.6
- version/asterisk asterisk/1.4.17
- version/asterisk asterisk/1.4.8
- version/asterisk asterisk appliance developer kit/0.7
- version/asterisk asterisk/1.4.4
- version/asterisk asterisk appliance developer kit/0.4
- version/asterisk asterisk/1.4.2
- version/asterisk s800i/1.0.3
- version/asterisk asterisk/1.4.16
- version/asterisk asterisk/1.4.15
- version/asterisk asterisk appliance developer kit/1.4
- version/asterisk s800i/1.0.1
- version/asterisk asterisk/1.4.10
- version/asterisk asterisk/1.4.7
- version/asterisk asterisk appliance developer kit/0.8
- version/asterisk asterisk appliance developer kit/0.5
- version/asterisk asterisk/1.4.1
- version/asterisk asterisk appliance developer kit/0.2
- version/asterisk asterisk business edition/c.1.0-beta7
- version/asterisk asterisknow/1.0