CVE-2006-5445 - Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1

CVE-2006-5445

Summary

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. This vulnerability is addressed in the following product releases: Digium, Asterisk, 1.4.0-beta2 Digium, Asterisk, 1.2.13

References

Vulnerable Configurations

cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 17-10-2018 - 21:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	20835
confirm	http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://www.asterisk.org/node/109 http://www.asterisk.org/node/110
gentoo	GLSA-200610-15
openpkg	OpenPKG-SA-2006.024
osvdb	29973
secunia	22651 22979
suse	SUSE-SA:2006:069
vupen	ADV-2006-4098
xf	asterisk-channeldriver-dos(29664)

Last major update

17-10-2018 - 21:42

Published

23-10-2006 - 17:07

Last modified

17-10-2018 - 21:42