ID CVE-2007-3763
Summary The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
Vulnerable Configurations
  • cpe:2.3:a:asterisk:asterisk:1.0
  • cpe:2.3:a:asterisk:asterisk:1.0.10
  • cpe:2.3:a:asterisk:asterisk:1.0.11
  • cpe:2.3:a:asterisk:asterisk:1.0.12
  • cpe:2.3:a:asterisk:asterisk:1.0.6
  • cpe:2.3:a:asterisk:asterisk:1.0.7
  • cpe:2.3:a:asterisk:asterisk:1.0.8
  • cpe:2.3:a:asterisk:asterisk:1.0.9
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta1
  • cpe:2.3:a:asterisk:asterisk:1.2.0_beta2
  • cpe:2.3:a:asterisk:asterisk:1.2.10
  • cpe:2.3:a:asterisk:asterisk:1.2.11
  • cpe:2.3:a:asterisk:asterisk:1.2.12
  • cpe:2.3:a:asterisk:asterisk:1.2.13
  • cpe:2.3:a:asterisk:asterisk:1.2.14
  • cpe:2.3:a:asterisk:asterisk:1.2.15
  • cpe:2.3:a:asterisk:asterisk:1.2.16
  • cpe:2.3:a:asterisk:asterisk:1.2.17
  • cpe:2.3:a:asterisk:asterisk:1.2.5
  • cpe:2.3:a:asterisk:asterisk:1.2.6
  • cpe:2.3:a:asterisk:asterisk:1.2.7
  • cpe:2.3:a:asterisk:asterisk:1.2.8
  • cpe:2.3:a:asterisk:asterisk:1.2.9
  • cpe:2.3:a:asterisk:asterisk:1.4.1
  • cpe:2.3:a:asterisk:asterisk:1.4.2
  • cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27
  • cpe:2.3:a:asterisk:asterisk:1.4_beta
  • cpe:2.3:a:asterisk:asterisk:a:-:business
  • cpe:2.3:a:asterisk:asterisk:b.1.3.2:-:business
  • cpe:2.3:a:asterisk:asterisk:b.1.3.3:-:business
  • cpe:2.3:a:asterisk:asterisk:b.2.2.0:-:business
  • cpe:2.3:a:asterisk:asterisknow:beta_5
  • cpe:2.3:a:asterisk:asterisknow:beta_6
  • cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:0.4
  • cpe:2.3:h:asterisk:s800i_appliance:1.0
  • cpe:2.3:h:asterisk:s800i_appliance:1.0.1
CVSS
Base: 5.0 (as of 19-07-2007 - 11:33)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200802-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200802-11 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been found in Asterisk: Russell Bryant reported a stack-based buffer overflow in the IAX2 channel driver (chan_iax2) when bridging calls between chan_iax2 and any channel driver that uses RTP for media (CVE-2007-3762). Chris Clark and Zane Lackey (iSEC Partners) reported a NULL pointer dereference in the IAX2 channel driver (chan_iax2) (CVE-2007-3763). Will Drewry (Google Security) reported a vulnerability in the Skinny channel driver (chan_skinny), resulting in an overly large memcpy (CVE-2007-3764). Will Drewry (Google Security) reported a vulnerability in the IAX2 channel driver (chan_iax2) that does not correctly handle unauthenticated transactions using a 3-way handshake (CVE-2007-4103). Impact: By sending a long voice or video RTP frame, a remote attacker could possibly execute arbitrary code on the target machine. Sending specially crafted LAGRQ or LAGRP frames containing information elements of IAX frames, or a certain data length value in a crafted packet, or performing a flood of calls not completing a 3-way handshake, could result in a Denial of Service. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 31294
    published 2008-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31294
    title GLSA-200802-11 : Asterisk: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1358.NASL
    description Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-1306 'Mu Security' discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service. - CVE-2007-1561 Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service. - CVE-2007-2294 It was discovered that a NULL pointer dereference in the manager interface could lead to denial of service. - CVE-2007-2297 It was discovered that a programming error in the SIP implementation could lead to denial of service. - CVE-2007-2488 Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure. - CVE-2007-3762 Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code. - CVE-2007-3763 Chris Clark and Zane Lackey discovered that several NULL pointer dereferences in the IAX2 implementation could lead to denial of service. - CVE-2007-3764 Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25938
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25938
    title Debian DSA-1358-1 : asterisk - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ASTERISK-3977.NASL
    description This update fixes multiple bugs in asterisk that allowed remote attackers to crash the asterisk server or even execute arbitrary code (CVE-2007-3762, CVE-2007-3763, CVE-2007-3764).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27158
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27158
    title openSUSE 10 Security Update : asterisk (asterisk-3977)
packetstorm via4
data source https://packetstormsecurity.com/files/download/58211/asa-2007-015.rb.txt
id PACKETSTORM:58211
last seen 2016-12-05
published 2007-08-01
reporter tenkei_ev
source https://packetstormsecurity.com/files/58211/asa-2007-015.rb.txt.html
title asa-2007-015.rb.txt
refmap via4
bid 24950
confirm
debian DSA-1358
gentoo GLSA-200802-11
sectrack 1018407
secunia
  • 26099
  • 29051
suse SUSE-SR:2007:015
vupen ADV-2007-2563
Last major update 07-03-2011 - 21:57
Published 18-07-2007 - 13:30