Asterisk PBX SIP DoS
updated since 04.03.2007
Published: 22.03.2007
Source:
SecurityVulns ID: 7344
Type: remote
Threat Level: 6/10
Description: Application crash on malformed SIP packet.
Affected: ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
CVE: CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.)
 CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.)
 CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.)
 CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.)
Original document: Matt Riddell (IT), Two new DoS Vulnerabilities in Asterisk Fixed (22.03.2007)
 Radu State, [Full-disclosure] Asterisk SDP DOS vulnerability (19.03.2007)
 noreply_(at)_musecurity.com, [Full-disclosure] [MU-200703-01] Remote DOS in Asterisk SIP (09.03.2007)
 Anonymous Person, [Full-disclosure] asterisk remote pre-auth denial of service (04.03.2007)
Files: Exploits Asterisk INVITE SIP message DoS
 Exploits Asterisk SIP DoS vulnerability