CVE-2008-3263

Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.30 Asterisk Open Source versions 1.4.x before 1.4.21.2 Asterisk Business Edition A.x.x Asterisk Business Edition B.x.x before B.2.5.4 Asterisk Business Edition C.x.x before C.1.10.3 AsteriskNOW Asterisk Appliance Developer Kit 0.x.x s800i versions 1.0.x before 1.2.0.1

Description: The issue allows remote attackers to cause a denial of service by quickly sending a large number of IAX2 POKE requests, leading to call-number exhaustion and CPU consumption.

Recommendations: For Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.30, update to version 1.2.30 or later. For Asterisk Open Source versions 1.4.x before 1.4.21.2, update to version 1.4.21.2 or later. For Asterisk Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3, update to the respective latest versions, B.2.5.4 or C.1.10.3. For AsteriskNOW and Asterisk Appliance Developer Kit 0.x.x, apply the necessary patches or updates as recommended by the vendor. For s800i versions 1.0.x before 1.2.0.1, update to version 1.2.0.1 or later.