CVE-2008-5558

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.2.26 through 1.2.30.3 Asterisk Business Edition versions B.2.3.5 through B.2.5.5

Description The issue allows remote attackers to cause a denial of service (crash) via authentication attempts involving an unknown user or a user using hostname matching, when realtime IAX2 users are enabled.

Recommendations For Asterisk Open Source versions 1.2.26 through 1.2.30.3, consider disabling realtime IAX2 users as a temporary workaround until a patch is available. For Asterisk Business Edition versions B.2.3.5 through B.2.5.5, restrict access to the IAX2 authentication mechanism to minimize the risk of exploitation.