ID CVE-2007-3762
Summary Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
References
Vulnerable Configurations
  • cpe:2.3:a:asterisk:asterisk:1.0
  • cpe:2.3:a:asterisk:asterisk:1.0.10
  • cpe:2.3:a:asterisk:asterisk:1.0.11
  • cpe:2.3:a:asterisk:asterisk:1.0.12
  • cpe:2.3:a:asterisk:asterisk:1.0.6
  • cpe:2.3:a:asterisk:asterisk:1.0.7
  • cpe:2.3:a:asterisk:asterisk:1.0.8
  • cpe:2.3:a:asterisk:asterisk:1.0.9
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta1
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta2
  • cpe:2.3:a:asterisk:asterisk:1.2.10
  • cpe:2.3:a:asterisk:asterisk:1.2.11
  • cpe:2.3:a:asterisk:asterisk:1.2.12
  • cpe:2.3:a:asterisk:asterisk:1.2.13
  • cpe:2.3:a:asterisk:asterisk:1.2.14
  • cpe:2.3:a:asterisk:asterisk:1.2.15
  • cpe:2.3:a:asterisk:asterisk:1.2.16
  • cpe:2.3:a:asterisk:asterisk:1.2.17
  • cpe:2.3:a:asterisk:asterisk:1.2.5
  • cpe:2.3:a:asterisk:asterisk:1.2.6
  • cpe:2.3:a:asterisk:asterisk:1.2.7
  • cpe:2.3:a:asterisk:asterisk:1.2.8
  • cpe:2.3:a:asterisk:asterisk:1.2.9
  • cpe:2.3:a:asterisk:asterisk:1.4.1
  • cpe:2.3:a:asterisk:asterisk:1.4.2
  • cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27
  • cpe:2.3:a:asterisk:asterisk:1.4_beta
  • cpe:2.3:a:asterisk:asterisk:a:-:business
  • cpe:2.3:a:asterisk:asterisk:b.1.3.2:-:business
  • cpe:2.3:a:asterisk:asterisk:b.1.3.3:-:business
  • cpe:2.3:a:asterisk:asterisk:b.2.2.0:-:business
  • cpe:2.3:a:asterisk:asterisknow:beta_5
  • cpe:2.3:a:asterisk:asterisknow:beta_6
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4
  • cpe:2.3:h:asterisk:s800i_appliance:1.0
  • cpe:2.3:h:asterisk:s800i_appliance:1.0.1
CVSS
Base: 9.3 (as of 19-07-2007 - 11:06)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200802-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200802-11 (Asterisk: Multiple vulnerabilities)
      Multiple vulnerabilities have been found in Asterisk:
      - Russell Bryant reported a stack-based buffer overflow in the IAX2 channel driver (chan_iax2) when bridging calls between chan_iax2 and any channel driver that uses RTP for media (CVE-2007-3762).
      - Chris Clark and Zane Lackey (iSEC Partners) reported a NULL pointer dereference in the IAX2 channel driver (chan_iax2) (CVE-2007-3763).
      - Will Drewry (Google Security) reported a vulnerability in the Skinny channel driver (chan_skinny), resulting in an overly large memcpy (CVE-2007-3764).
      - Will Drewry (Google Security) reported a vulnerability in the IAX2 channel driver (chan_iax2), that does not correctly handle unauthenticated transactions using a 3-way handshake (CVE-2007-4103).
      Impact: By sending a long voice or video RTP frame, a remote attacker could possibly execute arbitrary code on the target machine. Sending specially crafted LAGRQ or LAGRP frames containing information elements of IAX frames, or a certain data length value in a crafted packet, or performing a flood of calls not completing a 3-way handshake, could result in a Denial of Service.
      Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 31294
    published 2008-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31294
    title GLSA-200802-11 : Asterisk: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1358.NASL
    description Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-1306: 'Mu Security' discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service.
      - CVE-2007-1561: Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service.
      - CVE-2007-2294: It was discovered that a NULL pointer dereference in the manager interface could lead to denial of service.
      - CVE-2007-2297: It was discovered that a programming error in the SIP implementation could lead to denial of service.
      - CVE-2007-2488: Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure.
      - CVE-2007-3762: Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code.
      - CVE-2007-3763: Chris Clark and Zane Lackey discovered that several NULL pointer dereferences in the IAX2 implementation could lead to denial of service.
      - CVE-2007-3764: Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25938
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25938
    title Debian DSA-1358-1 : asterisk - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ASTERISK-3977.NASL
    description This update fixes multiple bugs in asterisk that allowed remote attackers to crash the asterisk server or even execute arbitrary code (CVE-2007-3762, CVE-2007-3763, CVE-2007-3764).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27158
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27158
    title openSUSE 10 Security Update : asterisk (asterisk-3977)
refmap via4
bid 24949
confirm
debian DSA-1358
gentoo GLSA-200802-11
sectrack 1018407
secunia
  • 26099
  • 29051
suse SUSE-SR:2007:015
vupen ADV-2007-2563
xf asterisk-iax2channeldriver-bo(35466)
Last major update 07-03-2011 - 21:57
Published 18-07-2007 - 13:30
Last modified 28-07-2017 - 21:32