PT-2008-4680 · Digium+1 · Asterisk Business Edition+4
Published: 2008-07-24 · Updated: 2018-10-11
CVE-2008-3264
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.30
Asterisk Open Source versions 1.4.x before 1.4.21.2
Asterisk Business Edition versions A.x.x through B.x.x before B.2.5.4
Asterisk Business Edition versions C.x.x before C.1.10.3
AsteriskNOW (affected versions not specified)
Appliance Developer Kit versions 0.x.x
s800i versions 1.0.x through 1.0.x before 1.2.0.1
Description:
The issue allows remote attackers to cause a denial of service, specifically traffic amplification, via an IAX2 FWDOWNL request. This is related to the FWDOWNL firmware-download implementation in the affected software.
Recommendations:
For Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.30, update to version 1.2.30 or later.
For Asterisk Open Source versions 1.4.x before 1.4.21.2, update to version 1.4.21.2 or later.
For Asterisk Business Edition versions A.x.x through B.x.x before B.2.5.4, update to version B.2.5.4 or later.
For Asterisk Business Edition versions C.x.x before C.1.10.3, update to version C.1.10.3 or later.
For AsteriskNOW, at the moment, there is no information about a newer version that contains a fix for this issue.
For Appliance Developer Kit versions 0.x.x, at the moment, there is no information about a newer version that contains a fix for this issue.
For s800i versions 1.0.x through 1.0.x before 1.2.0.1, update to version 1.2.0.1 or later.
Fix
DoS
Improper Authentication
Weakness Enumeration
Related identifiers
Affected products
Appliance Developer Kit
Asterisk Business Edition
Asterisk Open Source
AsteriskNOW
s800i