Launchpad.net

CVE 2008-1923

The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.

Related bugs and status

CVE-2008-1923 (Candidate) is related to these bugs:

Bug #345217: Fix vulnerabilities in channels/chan_ia2x.c

		In	Importance	Status
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu)	Undecided	Invalid
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Hardy)	Undecided	Fix Released
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Intrepid)	Undecided	Fix Released
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Jaunty)	Undecided	Fix Released
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Karmic)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-1923

Related bugs and status

Related bugs

References