CVE-2008-5558
First published: Wed Dec 17 2008(Updated: )
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk Business Edition | =b.2.3.4 | |
| Asterisk Business Edition | =b.2.3.5 | |
| Asterisk Business Edition | =b.2.5.0 | |
| Asterisk Business Edition | =b.2.5.1 | |
| Asterisk Business Edition | =b.2.5.3 | |
| Asterisk | =1.2.26 | |
| Asterisk | =1.2.26-netsec | |
| Asterisk | =1.2.26.1 | |
| Asterisk | =1.2.26.1-netsec | |
| Asterisk | =1.2.26.2 | |
| Asterisk | =1.2.26.2-netsec | |
| Asterisk | =1.2.27 | |
| Asterisk | =1.2.28 | |
| Asterisk | =1.2.29 | |
| Asterisk | =1.2.30 | |
| Asterisk | =1.2.30.2 | |
| Asterisk | =1.2.30.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://downloads.digium.com/pub/security/AST-2008-012.html
- http://osvdb.org/50675
- http://secunia.com/advisories/32956
- http://www.securitytracker.com/id?1021378
- http://www.securityfocus.com/bid/32773
- http://securityreason.com/securityalert/4769
- http://secunia.com/advisories/34982
- http://security.gentoo.org/glsa/glsa-200905-01.xml
- http://www.vupen.com/english/advisories/2008/3403
- http://www.securityfocus.com/archive/1/499117/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-5558?
CVE-2008-5558 has a severity rating associated with denial of service vulnerabilities.
How do I fix CVE-2008-5558?
To fix CVE-2008-5558, upgrade Asterisk to a version beyond 1.2.30.3 or apply the appropriate patches provided by the vendor.
Who is affected by CVE-2008-5558?
CVE-2008-5558 affects Asterisk Open Source versions from 1.2.26 through 1.2.30.3 and Business Edition versions from B.2.3.5 through B.2.5.5.
What is the impact of CVE-2008-5558?
The impact of CVE-2008-5558 is that it allows remote attackers to cause a denial of service (crash) of the Asterisk software.
How can I determine if my system is vulnerable to CVE-2008-5558?
To determine if your system is vulnerable to CVE-2008-5558, check if you are using an affected version of Asterisk as specified in the vulnerability details.
- agent/type
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/asterisk
- canonical/asterisk business edition
- version/asterisk business edition/b.2.3.4
- version/asterisk business edition/b.2.3.5
- version/asterisk business edition/b.2.5.0
- version/asterisk business edition/b.2.5.1
- version/asterisk business edition/b.2.5.3
- canonical/asterisk
- version/asterisk/1.2.26
- version/asterisk/1.2.26-netsec
- version/asterisk/1.2.26.1
- version/asterisk/1.2.26.1-netsec
- version/asterisk/1.2.26.2
- version/asterisk/1.2.26.2-netsec
- version/asterisk/1.2.27
- version/asterisk/1.2.28
- version/asterisk/1.2.29
- version/asterisk/1.2.30
- version/asterisk/1.2.30.2
- version/asterisk/1.2.30.3