CVE-2008-1390 Information
Description
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Reference
http://downloads.digium.com/pub/security/AST-2008-005.html
http://secunia.com/advisories/29449
http://secunia.com/advisories/29470
http://securityreason.com/securityalert/3764
http://www.securityfocus.com/archive/1/489819/100/0/threaded
http://www.securityfocus.com/bid/28316
http://www.securitytracker.com/id?1019679
https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html