PublicDate: 2008-03-24 17:44:00 UTC
Candidate: CVE-2008-1390
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390
 http://downloads.asterisk.org/pub/security/AST-2008-005.html
Description:
 The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3
 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6,
 AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704,
 and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID
 values, which makes it easier for remote attackers to hijack a manager
 session via a series of ID guesses.
Ubuntu-Description:
Notes:
 jdstrand> 1.2 not affected
Bugs:
Priority: low
Discovered-by: Dino A. Dai Zovi
Assigned-to:
CVSS: 


Patches_asterisk:
 upstream: http://downloads.digium.com/pub/security/AST-2008-005-1.4.patch
upstream_asterisk: not-affected (1.4.19-rc3)
dapper_asterisk: not-affected
edgy_asterisk: not-affected
feisty_asterisk: not-affected
gutsy_asterisk: needed (reached end-of-life)
hardy_asterisk: released (1:1.4.17~dfsg-2ubuntu1.1)
intrepid_asterisk: not-affected (1:1.4.21.2~dfsg-1ubuntu3)
jaunty_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)
devel_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)