UBUNTU-CVE-2015-3008

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2015-3008
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3008.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-3008
Related
Published
2015-04-10T15:00:00Z
Modified
2025-01-13T10:21:09Z
Summary
[none]
Details

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

References

Affected packages

Ubuntu:Pro:16.04:LTS / asterisk

Package

Name
asterisk
Purl
pkg:deb/ubuntu/asterisk@1:13.1.0~dfsg-1.1ubuntu4.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.1.0~dfsg-1.1ubuntu3
1:13.1.0~dfsg-1.1ubuntu4
1:13.1.0~dfsg-1.1ubuntu4.1
1:13.1.0~dfsg-1.1ubuntu4.1+esm1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / asterisk

Package

Name
asterisk
Purl
pkg:deb/ubuntu/asterisk@1:13.18.3~dfsg-1ubuntu4?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:13.18.3~dfsg-1ubuntu4

Affected versions

1:13.*

1:13.17.2~dfsg-1ubuntu1
1:13.17.2~dfsg-2ubuntu1
1:13.18.1~dfsg-1ubuntu1
1:13.18.3~dfsg-1ubuntu1
1:13.18.3~dfsg-1ubuntu2
1:13.18.3~dfsg-1ubuntu3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "asterisk",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-config",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-dahdi",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-dahdi-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-dev",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-doc",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-mobile",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-mobile-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-modules",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-modules-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-mp3",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-mp3-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-mysql",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-mysql-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-ooh323",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-ooh323-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-tests",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-tests-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-voicemail",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-voicemail-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-voicemail-imapstorage",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-voicemail-imapstorage-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-voicemail-odbcstorage",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-voicemail-odbcstorage-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-vpb",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        },
        {
            "binary_name": "asterisk-vpb-dbgsym",
            "binary_version": "1:13.18.3~dfsg-1ubuntu4"
        }
    ],
    "availability": "No subscription required",
    "ubuntu_priority": "medium"
}