CVE-2008-1289

Asterisk Open Source <1.4.18.1-1.6.0-beta6 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1289. PoCs published by Mu Security research.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in Asterisk (CVE-2008-1289) due to inadequate boundary checks on user-supplied SDP payloads. It includes example payloads that could trigger the vulnerability but does not contain executable exploit code.

Description

Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mu Security research · textdoslinux
https://www.exploit-db.com/exploits/31440

The provided text describes a buffer overflow vulnerability in Asterisk (CVE-2008-1289) due to inadequate boundary checks on user-supplied SDP payloads. It includes example payloads that could trigger the vulnerability but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Theoretical
Target: Asterisk Open Source prior to 1.4.18.1, 1.4.19-rc3, 1.6.0-beta6; Asterisk Business Edition prior to C.1.6.1; AsteriskNOW prior to 1.0.2; Asterisk Appliance Developer Kit prior to revision 109386; s800i prior to 1.1.0.2
No auth needed
Prerequisites: Network access to the Asterisk server · Ability to send crafted SDP payloads
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28308
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3763
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41305
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1019628
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29426
Various Sources x_refsource_confirm
http://www.asterisk.org/node/48466
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489817/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0928
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41302
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29470

Scores

EPSS 0.1152
EPSS Percentile 95.5%

Details

CWE
CWE-119
Status published
Products (6)
asterisk/asterisk_appliance_developer_kit 1.4
asterisk/asterisk_business_edition < c.1.0-beta8
asterisk/asterisknow < 1.0.1
asterisk/open_source < 1.4.18
asterisk/open_source < 1.4.19
asterisk/s800i < 1.1.0.1
Published Mar 24, 2008
Tracked Since Feb 18, 2026