This application requires Javascript for optimal performance.

Digium.Asterisk.IAX2.POKE.Request.DoS

Release Date

Aug 25, 2009

Severity

medium

Impact

Denial of service

Description

This indicates an attack attempt against a denial-of-service vulnerability in Digium Asterisk.

The vulnerability is caused by an error when the vulnerable software handles a large volume of crafted messages. It allows a remote attacker to cause a denial-of-service condition to the asterisk service.

Affected Products

Asterisk Open Source versions 1.0.x
Asterisk Open Source versions 1.2.x
Asterisk Open Source versions 1.4.x
Asterisk Business Edition versions A.x.x
Asterisk Business Edition versions B.x.x.x
Asterisk Business Edition versions C.x.x.x
Asterisk Appliance Developer Kit versions 0.x.x
Asterisk Appliance s800i versions 1.0.x

Recommended Actions

Upgrade to the latest versions:
http://downloads.digium.com/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2008-3263

Reference/s

http://www.frsirt.com/english/advisories/2008/2168 (FrSIRT)
http://www.securityfocus.com/bid/30321 (BugTraq)

Reference: VID-17639