Think you have a false positive on this rule?

Sid 1-16445

Message

PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt

Summary

The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.

Impact

CVSS base score 4.3 CVSS impact score 2.9 CVSS exploitability score 8.6 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE

CVE-2008-1897:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Detailed information

CVE-2008-1897: The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.

Affected systems

  • asterisk asteriskappliancedeveloper_kit 0.2
  • asterisk asteriskappliancedeveloper_kit 0.3
  • asterisk asteriskappliancedeveloper_kit 0.4
  • asterisk asteriskappliancedeveloper_kit 0.5
  • asterisk asteriskappliancedeveloper_kit 0.6
  • asterisk asteriskappliancedeveloper_kit 0.6.0
  • asterisk asteriskappliancedeveloper_kit 0.7
  • asterisk asteriskappliancedeveloper_kit 0.8
  • asterisk asteriskbusinessedition a
  • asterisk asteriskbusinessedition b.1.3.2
  • asterisk asteriskbusinessedition b.1.3.3
  • asterisk asteriskbusinessedition b.2.2.0
  • asterisk asteriskbusinessedition b.2.2.1
  • asterisk asteriskbusinessedition b.2.3.1
  • asterisk asteriskbusinessedition b.2.3.2
  • asterisk asteriskbusinessedition b.2.3.3
  • asterisk asteriskbusinessedition b.2.3.4
  • asterisk asteriskbusinessedition b.2.3.6
  • asterisk asteriskbusinessedition b.2.5.0
  • asterisk asteriskbusinessedition b.2.5.1
  • asterisk asteriskbusinessedition c.1.0
  • asterisk asteriskbusinessedition c.1.6
  • asterisk asteriskbusinessedition c.1.6.1
  • asterisk asteriskbusinessedition c.1.6.2
  • asterisk asteriskbusinessedition c1.8.0
  • asterisk asterisknow 1.0
  • asterisk asterisknow 1.0.1
  • asterisk asterisknow 1.0.2
  • asterisk open_source 1.0
  • asterisk open_source 1.0.0
  • asterisk open_source 1.0.1
  • asterisk open_source 1.0.2
  • asterisk open_source 1.0.3
  • asterisk open_source 1.0.3.4
  • asterisk open_source 1.0.4
  • asterisk open_source 1.0.5
  • asterisk open_source 1.0.6
  • asterisk open_source 1.0.7
  • asterisk open_source 1.0.8
  • asterisk open_source 1.0.9
  • asterisk open_source 1.0.11
  • asterisk open_source 1.0.11.1
  • asterisk open_source 1.0.12
  • asterisk open_source 1.2.0
  • asterisk open_source 1.2.1
  • asterisk open_source 1.2.2
  • asterisk open_source 1.2.3
  • asterisk open_source 1.2.4
  • asterisk open_source 1.2.5
  • asterisk open_source 1.2.6
  • asterisk open_source 1.2.7
  • asterisk open_source 1.2.7.1
  • asterisk open_source 1.2.8
  • asterisk open_source 1.2.9
  • asterisk open_source 1.2.9.1
  • asterisk open_source 1.2.10
  • asterisk open_source 1.2.11
  • asterisk open_source 1.2.12
  • asterisk open_source 1.2.12.1
  • asterisk open_source 1.2.13
  • asterisk open_source 1.2.14
  • asterisk open_source 1.2.15
  • asterisk open_source 1.2.16
  • asterisk open_source 1.2.17
  • asterisk open_source 1.2.18
  • asterisk open_source 1.2.19
  • asterisk open_source 1.2.20
  • asterisk open_source 1.2.21
  • asterisk open_source 1.2.21.1
  • asterisk open_source 1.2.22
  • asterisk open_source 1.2.23
  • asterisk open_source 1.2.24
  • asterisk open_source 1.2.25
  • asterisk open_source 1.2.26
  • asterisk open_source 1.2.26.1
  • asterisk open_source 1.2.26.2
  • asterisk open_source 1.2.27
  • asterisk open_source 1.4.0
  • asterisk open_source 1.4.1
  • asterisk open_source 1.4.10
  • asterisk open_source 1.4.10.1
  • asterisk open_source 1.4.11
  • asterisk open_source 1.4.12
  • asterisk open_source 1.4.12.1
  • asterisk open_source 1.4.13
  • asterisk open_source 1.4.14
  • asterisk open_source 1.4.15
  • asterisk open_source 1.4.16
  • asterisk open_source 1.4.16.1
  • asterisk open_source 1.4.16.2
  • asterisk open_source 1.4.17
  • asterisk open_source 1.4.18
  • asterisk open_source 1.4.18.1
  • asterisk open_source 1.4.19
  • asterisk s800i 1.0
  • asterisk s800i 1.0.1
  • asterisk s800i 1.0.2
  • asterisk s800i 1.0.3
  • asterisk s800i 1.0.3.3
  • asterisk s800i 1.1.0
  • asterisk s800i 1.1.0.1
  • asterisk s800i 1.1.0.2

Ease of attack

CVE-2008-1897:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • downloads.digium.com/pub/security/AST-2008-006.html