PT-2008-2972 · Digium+1 · Asterisk Appliance Developer Kit+4

Published: 2008-03-24 · Updated: 2018-10-11 · CVE-2008-1390

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Asterisk Open Source versions 1.4.x through 1.4.19-rc2
Asterisk Open Source versions 1.6.x through 1.6.0-beta5
Asterisk Business Edition C.x.x through C.1.5
AsteriskNOW versions 1.0 through 1.0.1
Asterisk Appliance Developer Kit versions prior to revision 104704
s800i versions 1.0.x through 1.1.0.1

Description

The AsteriskGUI HTTP server generates insufficiently random manager ID values, making it easier for remote attackers to hijack a manager session via a series of ID guesses.

Recommendations

For Asterisk Open Source versions 1.4.x through 1.4.19-rc2, update to version 1.4.19-rc3 or later.
For Asterisk Open Source versions 1.6.x through 1.6.0-beta5, update to version 1.6.0-beta6 or later.
For Asterisk Business Edition C.x.x through C.1.5, update to version C.1.6 or later.
For AsteriskNOW versions 1.0 through 1.0.1, update to version 1.0.2 or later.
For Asterisk Appliance Developer Kit versions prior to revision 104704, update to revision 104704 or later.
For s800i versions 1.0.x through 1.1.0.1, update to version 1.1.0.2 or later.


Related identifiers

CVE-2008-1390

Affected products

Asterisk Appliance Developer Kit
Asterisk Business Edition
Asterisk Open Source
AsteriskNOW
s800i