Red Hat Bugzilla – Bug 438129
CVE-2008-1332 asterisk: Unauthenticated calls allowed from SIP channel driver (AST-2008-003)
Last modified: 2008-03-31 05:44:01 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1332 to the following vulnerability:
Asterisk Project Security Advisory - AST-2008-003
Unauthenticated calls can be made via the SIP channel driver using an invalid
From header. This acts similarly to the SIP configuration option
'allowguest=yes', in that calls with a specially crafted From header would be
sent to the PBX in the context specified in the general section of sip.conf.
asterisk-22.214.171.124-1.fc8 has been submitted as an update for Fedora 8
asterisk-126.96.36.199-1.fc7 has been submitted as an update for Fedora 7
asterisk-188.8.131.52-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-184.108.40.206-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: