|
|
Log in / Subscribe / Register

asterisk: multiple vulnerabilities

Package(s):asterisk CVE #(s):CVE-2007-6430 CVE-2008-1332 CVE-2008-1333
Created:March 20, 2008 Updated:April 25, 2008
Description: From the Debian alert:

CVE-2007-6430: Tilghman Lesher discovered that database-based registrations are insufficiently validated. This only affects setups, which are configured to run without a password and only host-based authentication.

CVE-2008-1332: Jason Parker discovered that insufficient validation of From: headers inside the SIP channel driver may lead to authentication bypass and the potential external initiation of calls.

Alerts:
SuSE SUSE-SR:2008:010 licq, libpng, asterisk, openldap2, audit, blender 2008-04-25
Gentoo 200804-13 asterisk 2008-04-14
Fedora FEDORA-2008-2554 asterisk 2008-03-21
Fedora FEDORA-2008-2620 asterisk 2008-03-21
Debian DSA-1525-1 asterisk 2008-03-20
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds