Lucene search

Ubuntu.comUB:CVE-2008-1390

HistoryMar 24, 2008 - 12:00 a.m.

CVE-2008-1390

2008-03-2400:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.038

Percentile

92.0%

JSON

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3
and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6,
AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704,
and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID
values, which makes it easier for remote attackers to hijack a manager
session via a series of ID guesses.

Notes

Author	Note
jdstrand	1.2 not affected

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchasterisk< 1:1.4.17~dfsg-2ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	asterisk	< 1:1.4.17~dfsg-2ubuntu1.1	UNKNOWN

References

downloads.asterisk.org/pub/security/AST-2008-005.html

launchpad.net/bugs/cve/CVE-2008-1390

nvd.nist.gov/vuln/detail/CVE-2008-1390

security-tracker.debian.org/tracker/CVE-2008-1390

www.cve.org/CVERecord?id=CVE-2008-1390

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.038

Percentile

92.0%

JSON

Related for UB:CVE-2008-1390