Back to search
CVE-2008-1923
Published: Apr 23, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
asterisk-new-dos(42049)
vdb-entry
x_refsource_XF
http://downloads.digium.com/pub/security/AST-2008-006.html
x_refsource_CONFIRM
http://bugs.digium.com/view.php?id=10078
x_refsource_CONFIRM
http://www.altsci.com/concepts/page.php?s=asteri&p=1
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now