Published: 18/07/2007 Updated: 29/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The Skinny channel driver (chan_skinny) in Asterisk prior to 1.2.22 and 1.4.x prior to 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit prior to 0.5.0, and s800i prior to 1.0.2 allows remote malicious users to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."

Vulnerable Product	Search on Vulmon	Subscribe to Product
asterisk asterisk 1.0.10
asterisk asterisk 1.0.11
asterisk asterisk 1.2.0_beta2
asterisk asterisk 1.2.10
asterisk asterisk 1.2.5
asterisk asterisk 1.2.6
asterisk asterisk 1.4_beta
asterisk asterisk a
asterisk asterisk 1.0.12
asterisk asterisk 1.0.6
asterisk asterisk 1.2.11
asterisk asterisk 1.2.12
asterisk asterisk 1.2.13
asterisk asterisk 1.2.7
asterisk asterisk 1.2.8
asterisk asterisk b.1.3.2
asterisk asterisk b.1.3.3
asterisk asterisk 1.0
asterisk asterisk 1.0.9
asterisk asterisk 1.2.0_beta1
asterisk asterisk 1.2.16
asterisk asterisk 1.2.17
asterisk asterisk 1.4.2
asterisk asterisk 1.4.4_2007-04-27
asterisk asterisknow beta_6
asterisk asterisk appliance developer kit
asterisk asterisk 1.0.7
asterisk asterisk 1.0.8
asterisk asterisk 1.2.14
asterisk asterisk 1.2.15
asterisk asterisk 1.2.9
asterisk asterisk 1.4.1
asterisk asterisk b.2.2.0
asterisk asterisknow beta_5
asterisk s800i appliance 1.0
asterisk s800i appliance 1.0.1

Debian Bug report logs - #419820 CVE-2007-1594: Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0) Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Frédéric Brière ...

Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306 Mu Security discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service CVE-2007-1561 Inr ...

/* * AstKilla2c * gcc -o astkilla2 astkilla2c * /astkilla2 -h 216246***** * In no event will the author of this source be liable for any loss or damage of a material or * immaterial nature arising from access to, use or non-use of published information, or from misuse of the connection or technical faults chan_skinny runs ...

NVD-CWE-Other http://ftp.digium.com/pub/asa/ASA-2007-016.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://secunia.com/advisories/26099 http://bugs.gentoo.org/show_bug.cgi?id=185713 http://security.gentoo.org/glsa/glsa-200802-11.xml http://secunia.com/advisories/29051 http://www.vupen.com/english/advisories/2007/2563 https://exchange.xforce.ibmcloud.com/vulnerabilities/35478 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820 https://nvd.nist.gov https://www.exploit-db.com/exploits/4196/https://www.debian.org/security/./dsa-1358

CVE-2007-3764

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect