CVE-2007-1561 - The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause

CVE-2007-1561

Summary

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.

References

Vulnerable Configurations

cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 16-10-2018 - 16:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	23031
bugtraq	20070321 Two new DoS Vulnerabilities in Asterisk Fixed
confirm	http://asterisk.org/node/48339 http://www.sineapps.com/news.php?rssid=1707
debian	DSA-1358
fulldisc	20070319 Asterisk SDP DOS vulnerability
gentoo	GLSA-200704-01
mlist	[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability
osvdb	34479
sectrack	1017794
secunia	24564 24719 25582
suse	SUSE-SA:2007:034
vupen	ADV-2007-1039
xf	asterisk-sip-invite-dos(33068)

Last major update

16-10-2018 - 16:39

Published

21-03-2007 - 19:19

Last modified

16-10-2018 - 16:39