製品・ソフトウェアに関する情報

JVN脆弱性詳細

Asterisk Open Source におけるサービス運用妨害 (DoS) の脆弱性

Title	Asterisk Open Source におけるサービス運用妨害 (DoS) の脆弱性
Summary	Asterisk Open Source および Business Edition には、リアルタイムの IAX2 ユーザが有効になっている際、サービス運用妨害 (クラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、(1) 未知ユーザまたは (2) ホスト名照合を使用するユーザが関与する認証の試行を介して、サービス運用妨害 (クラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 17, 2008, midnight
Registration Date	June 26, 2012, 4:03 p.m.
Last Update	June 26, 2012, 4:03 p.m.

Affected System

Digium

Asterisk Business Edition B.2.3.5 から B.2.5.5

Asterisk Open Source 1.2.26 から 1.2.30.3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-5558	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558
National Vulnerability Database (NVD)
2	CVE-2008-5558	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5558

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
Asterisk
1	AST-2008-012	http://downloads.asterisk.org/pub/security/AST-2008-012.html

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-5558

Summary	Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Publication Date	Dec. 18, 2008, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:47 p.m.
Last Update	Oct. 12, 2018, 5:56 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26:netsec::::::
cpe:2.3:a:asterisk:open_source:1.2.26.1:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec::::::
cpe:2.3:a:asterisk:open_source:1.2.26.2:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec::::::
cpe:2.3:a:asterisk:open_source:1.2.27:::::::*
cpe:2.3:a:asterisk:open_source:1.2.28:::::::*
cpe:2.3:a:asterisk:open_source:1.2.29:::::::*
cpe:2.3:a:asterisk:open_source:1.2.30:::::::*
cpe:2.3:a:asterisk:open_source:1.2.30.2:::::::*
cpe:2.3:a:asterisk:open_source:1.2.30.3:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://downloads.digium.com/pub/security/AST-2008-012.html	CONFIRM
2	http://osvdb.org/50675	OSVDB
3	http://secunia.com/advisories/32956	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/34982	SECUNIA
5	http://security.gentoo.org/glsa/glsa-200905-01.xml	GENTOO
6	http://securityreason.com/securityalert/4769	SREASON
7	http://www.securityfocus.com/archive/1/499117/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/bid/32773	BID
9	http://www.securitytracker.com/id?1021378	SECTRACK
10	http://www.vupen.com/english/advisories/2008/3403	VUPEN

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:::::::*
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26:netsec::::::
cpe:2.3:a:asterisk:open_source:1.2.26.1:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec::::::
cpe:2.3:a:asterisk:open_source:1.2.26.2:::::::*
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec::::::
cpe:2.3:a:asterisk:open_source:1.2.27:::::::*
cpe:2.3:a:asterisk:open_source:1.2.28:::::::*
cpe:2.3:a:asterisk:open_source:1.2.29:::::::*
cpe:2.3:a:asterisk:open_source:1.2.30:::::::*
cpe:2.3:a:asterisk:open_source:1.2.30.2:::::::*
cpe:2.3:a:asterisk:open_source:1.2.30.3:::::::*