Launchpad.net

CVE 2008-3264

The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.

Related bugs and status

CVE-2008-3264 (Candidate) is related to these bugs:

Bug #345217: Fix vulnerabilities in channels/chan_ia2x.c

		In	Importance	Status
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu)	Undecided	Invalid
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Hardy)	Undecided	Fix Released
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Intrepid)	Undecided	Fix Released
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Jaunty)	Undecided	Fix Released
345217	Fix vulnerabilities in channels/chan_ia2x.c	asterisk (Ubuntu Karmic)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://downloads.digiu...
BID: 30350
SECUNIA: 31178
FEDORA: FEDORA-2008-6676
SECTRACK: 1020536
SECUNIA: 31194
GENTOO: GLSA-200905-01
SECUNIA: 34982
VUPEN: ADV-2008-2168
XF: asterisk-downloadproto...
BUGTRAQ: 20080722 AST-2008-011:...