ID CVE-2007-3762
Summary Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
References
Vulnerable Configurations
  • cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*
  • cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*
    cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*
  • cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*
  • cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 24949
confirm
debian DSA-1358
gentoo GLSA-200802-11
sectrack 1018407
secunia
  • 26099
  • 29051
suse SUSE-SR:2007:015
vupen ADV-2007-2563
xf asterisk-iax2channeldriver-bo(35466)
Last major update 29-07-2017 - 01:32
Published 18-07-2007 - 17:30
Back to Top