asterisk

• Vulnerable: 1.4.17-1
• Unaffected: 1.4.19.2-1kalgan1

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.

• Bug Tracker URL: http://bugs.frugalware.org/task/3077

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923