CVE-2008-5558

Published: Dec 17, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.

Affected (17)

Products: Asterisk: Asterisk Business Edition, Open Source

2 products

Asterisk Business Edition

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Asterisk Asterisk Business Edition	Version b.2.3.4
Asterisk Asterisk Business Edition	Version b.2.3.5
Asterisk Asterisk Business Edition	Version b.2.5.0
Asterisk Asterisk Business Edition	Version b.2.5.1
Asterisk Asterisk Business Edition	Version b.2.5.3
Asterisk Open Source	Version 1.2.26.1
Asterisk Open Source	Version 1.2.26.1 netsec
Asterisk Open Source	Version 1.2.26.2
Asterisk Open Source	Version 1.2.26.2 netsec
Asterisk Open Source	Version 1.2.26
Asterisk Open Source	Version 1.2.26 netsec
Asterisk Open Source	Version 1.2.27
Asterisk Open Source	Version 1.2.28
Asterisk Open Source	Version 1.2.29
Asterisk Open Source	Version 1.2.30.2
Asterisk Open Source	Version 1.2.30.3
Asterisk Open Source	Version 1.2.30

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (20)

http://downloads.digium.com/pub/security/AST-2008-012.html

Source: cve@mitre.org

http://osvdb.org/50675

Source: cve@mitre.org

http://secunia.com/advisories/32956

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34982

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200905-01.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/4769

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/499117/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/32773

Source: cve@mitre.org

http://www.securitytracker.com/id?1021378

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/3403

Source: cve@mitre.org

http://downloads.digium.com/pub/security/AST-2008-012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/50675

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32956

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34982

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200905-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4769

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/499117/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32773

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021378

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/3403

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.