CVE-2008-0095

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.4.x through 1.4.16 Asterisk Business Edition versions prior to C.1.0-beta8 AsteriskNOW versions prior to beta7 Asterisk Appliance Developer Kit versions prior to Asterisk 1.4 revision 95946 Asterisk Appliance s800i versions 1.0.x through 1.0.3.3

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

Recommendations For Asterisk Open Source versions 1.4.x through 1.4.16, update to version 1.4.17 or later. For Asterisk Business Edition versions prior to C.1.0-beta8, update to version C.1.0-beta8 or later. For AsteriskNOW versions prior to beta7, update to version beta7 or later. For Asterisk Appliance Developer Kit versions prior to Asterisk 1.4 revision 95946, update to Asterisk 1.4 revision 95946 or later. For Asterisk Appliance s800i versions 1.0.x through 1.0.3.3, update to version 1.0.3.4 or later.