oss-sec mailing list archives
Re: asterisk dupe?
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 5 May 2008 12:51:28 -0400 (EDT)
On Wed, 30 Apr 2008, Moritz Muehlenhoff wrote:
I think there's been a dupe in a recent CVE assignment for asterisk. CVE-2008-1923 appears to be a duplicate of CVE-2007-4103.
These are most likely different based on different advisories from Asterisk, as well as different types of issue - CVE-2007-4103 is basically resource exhaustion via "malformed" handshakes, and CVE-2008-1923 involves Smurf-ish traffic amplification being sent to a spoofed address. - Steve
Current thread:
- asterisk dupe? Moritz Muehlenhoff (Apr 30)
- Re: asterisk dupe? Steven M. Christey (May 05)