Several vulnerabilities have been discovered in asterisk, an Open Source
PBX and telephony toolkit. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-0041
It is possible to determine valid login names via probing, due to the
IAX2 response from asterisk (AST-2009-001).
CVE-2008-3903
It is possible to determine a valid SIP username when Digest
authentication and alwaysauthreject are enabled (AST-2009-003).
CVE-2009-3727
It is possible to determine a valid SIP username via multiple crafted
REGISTER messages (AST-2009-008).
CVE-2008-7220 CVE-2007-2383
It was discovered that asterisk contains an obsolete copy of the
Prototype JavaScript framework, which is vulnerable to several security
issues. This copy is unused and now removed from asterisk
(AST-2009-009).
CVE-2009-4055
It was discovered that it is possible to perform a denial of service
attack via RTP comfort noise payload with a long data length
(AST-2009-010).
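
A log-side check for the SIP username probing described under CVE-2008-3903 and CVE-2009-3727, added here as an example; it is not part of this advisory or of asterisk. The log line layout (modelled on chan_sip registration-failure notices), the sample lines, the threshold and the function name find_enumeration are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges). Assumption: your
# Asterisk version and logger.conf produce NOTICE lines in this layout.
SAMPLE_LOG = """\
[Dec 15 10:00:01] NOTICE[2345] chan_sip.c: Registration from '<sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Dec 15 10:00:01] NOTICE[2345] chan_sip.c: Registration from '<sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Dec 15 10:00:02] NOTICE[2345] chan_sip.c: Registration from '<sip:102@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Dec 15 10:00:02] NOTICE[2345] chan_sip.c: Registration from '<sip:103@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Dec 15 10:04:40] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[Dec 15 10:05:12] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.5' - Wrong password
[Dec 15 10:06:00] VERBOSE[2345] logger.c: -- Registered SIP '200' at 203.0.113.5 port 5060
"""

# Pull the attempted username and the source address out of a failure notice.
FAILED = re.compile(
    r"Registration from '[^']*<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<src>[^':]+)(?::\d+)?' - (?P<reason>.+)$"
)


def find_enumeration(log_text, min_users=3):
    """Return {source: sorted usernames} for every source address whose
    failed REGISTERs span at least min_users distinct usernames.

    One user retyping a password produces many failures for one name;
    probing for valid names produces failures across many names.
    """
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            tried[m.group("src")].add(m.group("user"))
    return {src: sorted(names) for src, names in tried.items()
            if len(names) >= min_users}


if __name__ == "__main__":
    for src, names in find_enumeration(SAMPLE_LOG).items():
        print(f"{src}: failed REGISTER for {len(names)} usernames: {names}")
```

A source flagged here is a candidate for rate limiting or blocking at the firewall; the threshold should be tuned to the number of accounts that legitimately share one address.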
For the stabl...