PublicDate: 2008-04-23 16:05:00 UTC
Candidate: CVE-2008-1923
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923
Description:
 The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630
 and 1.4 before revision 65679, when configured to allow unauthenticated
 calls, sends "early audio" to an unverified source IP address of a NEW
 message, which allows remote attackers to cause a denial of service
 (traffic amplification) via a spoofed NEW message.
Ubuntu-Description:
Notes:
 mdeslaur> fix was incomplete, see CVE-2008-1897
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_asterisk:
 upstream: http://lists.digium.com/pipermail/asterisk-commits/2007-May/013260.html
upstream_asterisk: needs-triage
dapper_asterisk: ignored (reached end-of-life)
feisty_asterisk: needed (reached end-of-life)
gutsy_asterisk: needed (reached end-of-life)
hardy_asterisk: not-affected (1:1.4.17~dfsg-2ubuntu1)
intrepid_asterisk: not-affected (1:1.4.21.2~dfsg-1ubuntu3)
jaunty_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)
karmic_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)
devel_asterisk: not-affected (1:1.4.21.2~dfsg-3ubuntu2)