U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2008-1897 Detail

Description

The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://bugs.digium.com/view.php?id=10078 CVE, MITRE
http://downloads.digium.com/pub/security/AST-2008-006.html CVE, MITRE
http://secunia.com/advisories/29927 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/30010 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/30042 CVE, MITRE Vendor Advisory 
http://secunia.com/advisories/34982 CVE, MITRE
http://security.gentoo.org/glsa/glsa-200905-01.xml CVE, MITRE
http://www.altsci.com/concepts/page.php?s=asteri&p=2 CVE, MITRE
http://www.debian.org/security/2008/dsa-1563 CVE, MITRE
http://www.securityfocus.com/archive/1/491220/100/0/threaded CVE, MITRE
http://www.securityfocus.com/bid/28901 CVE, MITRE
http://www.securitytracker.com/id?1019918 CVE, MITRE
http://www.vupen.com/english/advisories/2008/1324 CVE, MITRE
https://downloads.asterisk.org/pub/security/AST-2008-006.html CVE, MITRE
https://exchange.xforce.ibmcloud.com/vulnerabilities/41966 CVE, MITRE
https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e CVE, MITRE
https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90 CVE, MITRE
https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2 CVE, MITRE
https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb CVE, MITRE
https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653 CVE, MITRE
https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b CVE, MITRE
https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6 CVE, MITRE
https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7 CVE, MITRE
https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a CVE, MITRE
https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83 CVE, MITRE
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html CVE, MITRE
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html CVE, MITRE

Weakness Enumeration

CWE-ID CWE Name Source
CWE-287 Improper Authentication cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2008-1897
NVD Published Date:
04/23/2008
NVD Last Modified:
04/08/2025
Source:
MITRE