

Asterisk VoIP server multiple security vulnerabilities
Published: 19.07.2007
Source:
SecurityVulns ID: 7943
Type: remote
Threat Level: 7/10
Description: Buffer overflow and DoS in the IAX2 implementation; DoS in the Skinny and STUN implementations.
Affected: ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk s800i
CVE: CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.)
 CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy.")
 CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.)
 CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.)
Original documents: ASTERISK, ASA-2007-017: Remote Crash Vulnerability in STUN implementation (19.07.2007)
 ASTERISK, ASA-2007-016: Remote crash vulnerability in Skinny channel driver (19.07.2007)
 ASTERISK, ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver (19.07.2007)
 ASTERISK, ASA-2007-014: Stack buffer overflow in IAX2 channel driver (19.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod