Published: 18/07/2007 Updated: 08/03/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The IAX2 channel driver (chan_iax2) in Asterisk prior to 1.2.22 and 1.4.x prior to 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit prior to 0.5.0, and s800i prior to 1.0.2 allows remote malicious users to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asterisk asterisk 1.0
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.2
asterisk asterisk 1.0.8
asterisk asterisk 1.0.9
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.9
asterisk asterisk 1.4.1
asterisk asterisknow beta_5
asterisk asterisknow beta_6
asterisk asterisk 1.4.4_2007-04-27
asterisk asterisk appliance developer kit
asterisk asterisk 1.0.12
asterisk asterisk 1.0.6
asterisk asterisk 1.0.7
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.7
asterisk asterisk 1.2.8
asterisk asterisk b.1.3.3
asterisk asterisk b.2.2.0
asterisk asterisk 1.0.10
asterisk asterisk 1.0.11
asterisk asterisk 1.2.10
asterisk asterisk 1.2.11
asterisk asterisk 1.2.5
asterisk asterisk 1.2.6
asterisk asterisk 1.4_beta
asterisk asterisk a
asterisk asterisk b.1.3.2
asterisk s800i appliance 1.0
asterisk s800i appliance 1.0.1

Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0) Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Frédéric Brière ...

Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306 Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service CVE-2007-1561 Inr ...

#!/usr/bin/env ruby # author = tenkei_ev # Script to test chan_iax for the vuln in ASA-2007-015 # Trigger subtypes of 11 or 12 will crash an unpatched server # # First establish a call - send new, recv accept, send ack, recv answer, send ack # Then send IAX2 control packets with subtypes 0x0b or 0x0c that contain an information element # If asteris ...

NVD-CWE-Other http://ftp.digium.com/pub/asa/ASA-2007-015.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://secunia.com/advisories/26099 http://bugs.gentoo.org/show_bug.cgi?id=185713 http://security.gentoo.org/glsa/glsa-200802-11.xml http://secunia.com/advisories/29051 http://www.vupen.com/english/advisories/2007/2563 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820 https://nvd.nist.gov https://www.exploit-db.com/exploits/4249/https://www.debian.org/security/./dsa-1358

CVE-2007-3763

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect