Back to search
CVE-2008-2543
Published: Jun 5, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://downloads.digium.com/pub/security/AST-2008-009.html
x_refsource_CONFIRM
29567
vdb-entry
x_refsource_BID
1020202
vdb-entry
x_refsource_SECTRACK
ADV-2008-1747
vdb-entry
x_refsource_VUPEN
asterisk-addons-ooh323-dos(42869)
vdb-entry
x_refsource_XF
30555
third-party-advisory
x_refsource_SECUNIA
20080604 AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver
mailing-list
x_refsource_BUGTRAQ
20080604 AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now