CVE-2008-1390

Publication date 24 March 2008

Last updated 24 July 2024


Ubuntu priority

The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.

Status

Package   Ubuntu Release   Status
asterisk  9.04 jaunty      Not affected
asterisk  8.10 intrepid    Not affected
asterisk  8.04 LTS hardy   Fixed 1:1.4.17~dfsg-2ubuntu1.1
asterisk  7.10 gutsy       Ignored end of life, was needed
asterisk  7.04 feisty      Not affected
asterisk  6.10 edgy        Not affected
asterisk  6.06 LTS dapper  Not affected

Notes


jdstrand

1.2 not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
asterisk