Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2007-1306

Published: 07/03/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Asterisk 1.4 prior to 1.4.1 and 1.2 prior to 1.2.16 allows remote malicious users to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Vulnerable Product Search on Vulmon Subscribe to Product

digium asterisk 1.2.11

digium asterisk 1.2.0 beta1

digium asterisk 1.2.12

digium asterisk 1.2.10

digium asterisk 1.2.9

digium asterisk 1.4.0

digium asterisk 1.2.13

digium asterisk 1.2 beta2

digium asterisk 1.4.0 beta1

digium asterisk 1.4.0 beta2

digium asterisk 1.2.8

digium asterisk 1.2.6

digium asterisk 1.2.15

digium asterisk 1.2.7

digium asterisk 1.2.14

digium asterisk 1.2 beta1

digium asterisk 1.2.0 beta2

digium asterisk 1.2.12.1

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0)
Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0) Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Frédéric Brière ...
Debian Security Advisories: DSA-1358-1 asterisk -- several vulnerabilities
Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306 Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service CVE-2007-1561 Inr ...

Exploits

Exploit DB: Asterisk 1.2.15/1.4.0 - Remote Denial of Service
/* this will cause asterisk to segfault, the bug that this exploits has been patched in release 1216 & 141 CLI> Program received signal SIGSEGV, Segmentation fault [Switching to Thread 1082719152 (LWP 2510)] register_verify (p=0x81cf600, sin=0x4088e750, req=0x4088e760, uri=0x0) at chan_sipc:8257 8257 while (*t &&a ...

References

NVD-CWE-Otherhttp://asterisk.org/node/48319http://asterisk.org/node/48320http://www.kb.cert.org/vuls/id/228032http://www.securitytracker.com/id?1017723http://labs.musecurity.com/advisories/MU-200703-01.txthttp://security.gentoo.org/glsa/glsa-200703-14.xmlhttp://www.securityfocus.com/bid/22838http://secunia.com/advisories/24380http://secunia.com/advisories/24578http://www.osvdb.org/33888http://www.debian.org/security/2007/dsa-1358http://www.novell.com/linux/security/advisories/2007_34_asterisk.htmlhttp://secunia.com/advisories/25582http://www.vupen.com/english/advisories/2007/0830https://exchange.xforce.ibmcloud.com/vulnerabilities/32830https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820https://www.exploit-db.com/exploits/3407/https://www.kb.cert.org/vuls/id/228032
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103CVE-2024-36279CVE-2024-38457elevation of privilegeCVE-2024-27801CVE-2024-30103NULL pointer dereferenceCVE-2024-6057XML injection
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook