ID CVE-2007-2297
Summary The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
References
Vulnerable Configurations
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta1
    cpe:2.3:a:asterisk:asterisk:1.2.0_beta1
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta2
    cpe:2.3:a:asterisk:asterisk:1.2.0_beta2
  • cpe:2.3:a:asterisk:asterisk:1.2.10
    cpe:2.3:a:asterisk:asterisk:1.2.10
  • cpe:2.3:a:asterisk:asterisk:1.2.11
    cpe:2.3:a:asterisk:asterisk:1.2.11
  • cpe:2.3:a:asterisk:asterisk:1.2.12
    cpe:2.3:a:asterisk:asterisk:1.2.12
  • cpe:2.3:a:asterisk:asterisk:1.2.13
    cpe:2.3:a:asterisk:asterisk:1.2.13
  • cpe:2.3:a:asterisk:asterisk:1.2.14
    cpe:2.3:a:asterisk:asterisk:1.2.14
  • cpe:2.3:a:asterisk:asterisk:1.2.15
    cpe:2.3:a:asterisk:asterisk:1.2.15
  • cpe:2.3:a:asterisk:asterisk:1.2.16
    cpe:2.3:a:asterisk:asterisk:1.2.16
  • cpe:2.3:a:asterisk:asterisk:1.2.17
    cpe:2.3:a:asterisk:asterisk:1.2.17
  • cpe:2.3:a:asterisk:asterisk:1.4.1
    cpe:2.3:a:asterisk:asterisk:1.4.1
  • cpe:2.3:a:asterisk:asterisk:1.4.2
    cpe:2.3:a:asterisk:asterisk:1.4.2
  • cpe:2.3:a:asterisk:asterisk:1.4_beta
    cpe:2.3:a:asterisk:asterisk:1.4_beta
CVSS
Base: 7.8 (as of 27-04-2007 - 10:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ASTERISK-3543.NASL
    description This update fixes multiple bugs that allowed attackers to remotely crash asterisk or cause an information leak (CVE-2007-1561, CVE-2007-1594, CVE-2007-1595, CVE-2007-2297, CVE-2007-2488).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27157
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27157
    title openSUSE 10 Security Update : asterisk (asterisk-3543)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1358.NASL
    description Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1306 'Mu Security' discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service. - CVE-2007-1561 Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service. - CVE-2007-2294 It was discovered that a NULL pointer dereference in the manager interface could lead to denial of service. - CVE-2007-2297 It was discovered that a programming error in the SIP implementation could lead to denial of service. - CVE-2007-2488 Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure. - CVE-2007-3762 Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code. - CVE-2007-3763 Chris Clark and Zane Lackey discovered that several NULL pointer dereferences in the IAX2 implementation could lead to denial of service. - CVE-2007-3764 Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25938
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25938
    title Debian DSA-1358-1 : asterisk - several vulnerabilities
refmap via4
bid 24359
bugtraq 20070425 ASA-2007-011: Multiple problems in SIP channel parser handling response codes
confirm http://www.asterisk.org/files/ASA-2007-011.pdf
debian DSA-1358
misc http://bugs.digium.com/view.php?id=9313
sectrack 1017954
secunia 25582
sreason 2644
suse SUSE-SA:2007:034
xf asterisk-sip-response-dos(33892)
Last major update 05-09-2008 - 17:22
Published 26-04-2007 - 16:19
Last modified 16-10-2018 - 12:43
Back to Top