Search
Find a vulnerability
Search criteria
26 vulnerabilities found for asterisk_appliance_developer_kit by asterisk
CVE-2008-3264 (GCVE-0-2008-3264)
Vulnerability from nvd – Published: 2008-07-24 15:18 – Updated: 2024-08-07 09:28
VLAI
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020536 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/31194 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2168… | vdb-entryx_refsource_VUPEN |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/31178 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/30350 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/494676/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/34982 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3264",
"datePublished": "2008-07-24T15:18:00.000Z",
"dateReserved": "2008-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1897 (GCVE-0-2008-1897)
Vulnerability from nvd – Published: 2008-04-23 00:00 – Updated: 2024-08-07 08:40
VLAI
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"tags": [
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server\u0027s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T02:02:11.362Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1897",
"datePublished": "2008-04-23T00:00:00.000Z",
"dateReserved": "2008-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1923 (GCVE-0-2008-1923)
Vulnerability from nvd – Published: 2008-04-23 16:00 – Updated: 2024-08-07 08:41
VLAI
Summary
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| http://bugs.digium.com/view.php?id=10078 | x_refsource_CONFIRM |
| http://www.altsci.com/concepts/page.php?s=asteri&p=1 | x_refsource_MISC |
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-new-dos(42049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"name": "http://bugs.digium.com/view.php?id=10078",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1",
"refsource": "MISC",
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1923",
"datePublished": "2008-04-23T16:00:00.000Z",
"dateReserved": "2008-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1289 (GCVE-0-2008-1289)
Vulnerability from nvd – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3763"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200803-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1289",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1390 (GCVE-0-2008-1390)
Vulnerability from nvd – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3764 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/28316 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489819/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29449 | third-party-advisoryx_refsource_SECUNIA |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securitytracker.com/id?1019679 | vdb-entryx_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/29470 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3764",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29449"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1390",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1332 (GCVE-0-2008-1332)
Vulnerability from nvd – Published: 2008-03-20 00:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1332",
"datePublished": "2008-03-20T00:00:00.000Z",
"dateReserved": "2008-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0095 (GCVE-0-2008-0095)
Vulnerability from nvd – Published: 2008-01-08 02:00 – Updated: 2024-08-07 07:32
VLAI
Summary
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27110 | vdb-entryx_refsource_BID |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2008/0019 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485727/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/3520 | third-party-advisoryx_refsource_SREASON |
| http://bugs.digium.com/view.php?id=11637 | x_refsource_MISC |
| http://secunia.com/advisories/28312 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019152 | vdb-entryx_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| http://secunia.com/advisories/28299 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3520"
},
{
"name": "http://bugs.digium.com/view.php?id=11637",
"refsource": "MISC",
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0095",
"datePublished": "2008-01-08T02:00:00.000Z",
"dateReserved": "2008-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4455 (GCVE-0-2007-4455)
Vulnerability from nvd – Published: 2007-08-22 01:00 – Updated: 2024-08-07 14:53
VLAI
Summary
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3047 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/2953 | vdb-entryx_refsource_VUPEN |
| http://downloads.digium.com/pub/asa/AST-2007-020.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25392 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2007/Aug/0393.html | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26553 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1018595 | vdb-entryx_refsource_SECTRACK |
Date Public
2007-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3047",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3047"
},
{
"name": "ADV-2007-2953",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/asa/AST-2007-020.html"
},
{
"name": "25392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25392"
},
{
"name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html"
},
{
"name": "asterisk-sip-dialoghistory-dos(36145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145"
},
{
"name": "26553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26553"
},
{
"name": "1018595",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3047",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3047"
},
{
"name": "ADV-2007-2953",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/asa/AST-2007-020.html"
},
{
"name": "25392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25392"
},
{
"name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html"
},
{
"name": "asterisk-sip-dialoghistory-dos(36145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145"
},
{
"name": "26553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26553"
},
{
"name": "1018595",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3047",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3047"
},
{
"name": "ADV-2007-2953",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2953"
},
{
"name": "http://downloads.digium.com/pub/asa/AST-2007-020.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/asa/AST-2007-020.html"
},
{
"name": "25392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25392"
},
{
"name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html"
},
{
"name": "asterisk-sip-dialoghistory-dos(36145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145"
},
{
"name": "26553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26553"
},
{
"name": "1018595",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4455",
"datePublished": "2007-08-22T01:00:00.000Z",
"dateReserved": "2007-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4280 (GCVE-0-2007-4280)
Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI
Summary
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/2808 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/26340 | third-party-advisoryx_refsource_SECUNIA |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25228 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018536 | vdb-entryx_refsource_SECTRACK |
Date Public
2007-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2808"
},
{
"name": "26340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26340"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
},
{
"name": "asterisk-skinny-channel-dos(35870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
},
{
"name": "25228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25228"
},
{
"name": "1018536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2808"
},
{
"name": "26340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26340"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
},
{
"name": "asterisk-skinny-channel-dos(35870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
},
{
"name": "25228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25228"
},
{
"name": "1018536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2808",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2808"
},
{
"name": "26340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26340"
},
{
"name": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
},
{
"name": "asterisk-skinny-channel-dos(35870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
},
{
"name": "25228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25228"
},
{
"name": "1018536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4280",
"datePublished": "2007-08-09T21:00:00.000Z",
"dateReserved": "2007-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3762 (GCVE-0-2007-3762)
Vulnerability from nvd – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200802-11.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29051 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.gentoo.org/show_bug.cgi?id=185713 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
| http://www.debian.org/security/2007/dsa-1358 | vendor-advisoryx_refsource_DEBIAN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://ftp.digium.com/pub/asa/ASA-2007-014.pdf | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24949 | vdb-entryx_refsource_BID |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3762",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3764 (GCVE-0-2007-3764)
Vulnerability from nvd – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24950 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200802-11.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29051 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.gentoo.org/show_bug.cgi?id=185713 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
| http://ftp.digium.com/pub/asa/ASA-2007-016.pdf | x_refsource_CONFIRM |
| http://www.debian.org/security/2007/dsa-1358 | vendor-advisoryx_refsource_DEBIAN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "asterisk-skinny-driver-dos(35478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "asterisk-skinny-driver-dos(35478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "asterisk-skinny-driver-dos(35478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3764",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3765 (GCVE-0-2007-3765)
Vulnerability from nvd – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24950 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://ftp.digium.com/pub/asa/ASA-2007-017.pdf | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
},
{
"name": "asterisk-stun-dos(35480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
},
{
"name": "asterisk-stun-dos(35480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
},
{
"name": "asterisk-stun-dos(35480)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3765",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3763 (GCVE-0-2007-3763)
Vulnerability from nvd – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://ftp.digium.com/pub/asa/ASA-2007-015.pdf | x_refsource_CONFIRM |
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24950 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200802-11.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29051 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.gentoo.org/show_bug.cgi?id=185713 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
| http://www.debian.org/security/2007/dsa-1358 | vendor-advisoryx_refsource_DEBIAN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
},
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3763",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3264 (GCVE-0-2008-3264)
Vulnerability from cvelistv5 – Published: 2008-07-24 15:18 – Updated: 2024-08-07 09:28
VLAI
Summary
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1020536 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200905-01.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/31194 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2168… | vdb-entryx_refsource_VUPEN |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/31178 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/30350 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/494676/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/34982 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020536"
},
{
"name": "GLSA-200905-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "31194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31194"
},
{
"name": "ADV-2008-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2168/references"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-011.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-011.html"
},
{
"name": "FEDORA-2008-6676",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html"
},
{
"name": "31178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31178"
},
{
"name": "asterisk-downloadprotocol-dos(43955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43955"
},
{
"name": "30350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30350"
},
{
"name": "20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494676/100/0/threaded"
},
{
"name": "34982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3264",
"datePublished": "2008-07-24T15:18:00.000Z",
"dateReserved": "2008-07-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:41.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1923 (GCVE-0-2008-1923)
Vulnerability from cvelistv5 – Published: 2008-04-23 16:00 – Updated: 2024-08-07 08:41
VLAI
Summary
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| http://bugs.digium.com/view.php?id=10078 | x_refsource_CONFIRM |
| http://www.altsci.com/concepts/page.php?s=asteri&p=1 | x_refsource_MISC |
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-new-dos(42049)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-new-dos(42049)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42049"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-006.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"name": "http://bugs.digium.com/view.php?id=10078",
"refsource": "CONFIRM",
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1",
"refsource": "MISC",
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1923",
"datePublished": "2008-04-23T16:00:00.000Z",
"dateReserved": "2008-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:41:00.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1897 (GCVE-0-2008-1897)
Vulnerability from cvelistv5 – Published: 2008-04-23 00:00 – Updated: 2024-08-07 08:40
VLAI
Summary
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
Date Public
2008-04-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"tags": [
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server\u0027s reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T02:02:11.362Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200905-01",
"tags": [
"vendor-advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml"
},
{
"name": "29927",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/29927"
},
{
"name": "asterisk-iax2protocol-ack-dos(41966)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966"
},
{
"name": "28901",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/28901"
},
{
"name": "30010",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30010"
},
{
"name": "ADV-2008-1324",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2008/1324"
},
{
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html"
},
{
"url": "http://bugs.digium.com/view.php?id=10078"
},
{
"name": "FEDORA-2008-3390",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html"
},
{
"name": "20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/491220/100/0/threaded"
},
{
"url": "http://www.altsci.com/concepts/page.php?s=asteri\u0026p=2"
},
{
"name": "30042",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/30042"
},
{
"name": "DSA-1563",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1563"
},
{
"name": "34982",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/34982"
},
{
"name": "1019918",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1019918"
},
{
"name": "FEDORA-2008-3365",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html"
},
{
"url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83"
},
{
"url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2"
},
{
"url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a"
},
{
"url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90"
},
{
"url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6"
},
{
"url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e"
},
{
"url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b"
},
{
"url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7"
},
{
"url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb"
},
{
"url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1897",
"datePublished": "2008-04-23T00:00:00.000Z",
"dateReserved": "2008-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1289 (GCVE-0-2008-1289)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28308",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3763"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28308"
},
{
"name": "3763",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3763"
},
{
"name": "http://labs.musecurity.com/advisories/MU-200803-01.txt",
"refsource": "MISC",
"url": "http://labs.musecurity.com/advisories/MU-200803-01.txt"
},
{
"name": "asterisk-rtp-codecpayload-bo(41305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41305"
},
{
"name": "1019628",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019628"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "20080318 AST-2008-002: Two buffer overflows in RTP Codec Payload Handling",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489817/100/0/threaded"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-002.html"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "asterisk-rtppayload-bo(41302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41302"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1289",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1390 (GCVE-0-2008-1390)
Vulnerability from cvelistv5 – Published: 2008-03-24 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3764 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/28316 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/489819/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29449 | third-party-advisoryx_refsource_SECUNIA |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.securitytracker.com/id?1019679 | vdb-entryx_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/29470 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3764",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3764",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3764"
},
{
"name": "28316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28316"
},
{
"name": "20080318 AST-2008-005: HTTP Manager ID is predictable",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489819/100/0/threaded"
},
{
"name": "asterisk-httpmanagerid-weak-security(41304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41304"
},
{
"name": "29449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29449"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-005.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-005.html"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019679"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1390",
"datePublished": "2008-03-24T17:00:00.000Z",
"dateReserved": "2008-03-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1332 (GCVE-0-2008-1332)
Vulnerability from cvelistv5 – Published: 2008-03-20 00:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2008-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html"
},
{
"name": "29782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29782"
},
{
"name": "GLSA-200804-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-13.xml"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-003.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-003.html"
},
{
"name": "28310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28310"
},
{
"name": "20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489818/100/0/threaded"
},
{
"name": "DSA-1525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1525"
},
{
"name": "29426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29426"
},
{
"name": "http://www.asterisk.org/node/48466",
"refsource": "CONFIRM",
"url": "http://www.asterisk.org/node/48466"
},
{
"name": "FEDORA-2008-2554",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html"
},
{
"name": "1019629",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019629"
},
{
"name": "asterisk-sip-security-bypass(41308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41308"
},
{
"name": "ADV-2008-0928",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0928"
},
{
"name": "FEDORA-2008-2620",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html"
},
{
"name": "29957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29957"
},
{
"name": "29456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29456"
},
{
"name": "29470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1332",
"datePublished": "2008-03-20T00:00:00.000Z",
"dateReserved": "2008-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0095 (GCVE-0-2008-0095)
Vulnerability from cvelistv5 – Published: 2008-01-08 02:00 – Updated: 2024-08-07 07:32
VLAI
Summary
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27110 | vdb-entryx_refsource_BID |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://www.vupen.com/english/advisories/2008/0019 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485727/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/3520 | third-party-advisoryx_refsource_SREASON |
| http://bugs.digium.com/view.php?id=11637 | x_refsource_MISC |
| http://secunia.com/advisories/28312 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1019152 | vdb-entryx_refsource_SECTRACK |
| https://www.redhat.com/archives/fedora-package-an… | vendor-advisoryx_refsource_FEDORA |
| http://downloads.digium.com/pub/security/AST-2008… | x_refsource_CONFIRM |
| http://secunia.com/advisories/28299 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-01-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27110",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27110",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27110"
},
{
"name": "FEDORA-2008-0199",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00167.html"
},
{
"name": "ADV-2008-0019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0019"
},
{
"name": "20080102 AST-2008-001: Crash from transfer using BYE with Also header",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485727/100/0/threaded"
},
{
"name": "asterisk-bye-also-dos(39361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39361"
},
{
"name": "3520",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3520"
},
{
"name": "http://bugs.digium.com/view.php?id=11637",
"refsource": "MISC",
"url": "http://bugs.digium.com/view.php?id=11637"
},
{
"name": "28312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28312"
},
{
"name": "1019152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019152"
},
{
"name": "FEDORA-2008-0198",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html"
},
{
"name": "http://downloads.digium.com/pub/security/AST-2008-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/security/AST-2008-001.html"
},
{
"name": "28299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0095",
"datePublished": "2008-01-08T02:00:00.000Z",
"dateReserved": "2008-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:32:23.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4455 (GCVE-0-2007-4455)
Vulnerability from cvelistv5 – Published: 2007-08-22 01:00 – Updated: 2024-08-07 14:53
VLAI
Summary
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3047 | third-party-advisoryx_refsource_SREASON |
| http://www.vupen.com/english/advisories/2007/2953 | vdb-entryx_refsource_VUPEN |
| http://downloads.digium.com/pub/asa/AST-2007-020.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25392 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2007/Aug/0393.html | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26553 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1018595 | vdb-entryx_refsource_SECTRACK |
Date Public
2007-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3047",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3047"
},
{
"name": "ADV-2007-2953",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/asa/AST-2007-020.html"
},
{
"name": "25392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25392"
},
{
"name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html"
},
{
"name": "asterisk-sip-dialoghistory-dos(36145)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145"
},
{
"name": "26553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26553"
},
{
"name": "1018595",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018595"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3047",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3047"
},
{
"name": "ADV-2007-2953",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/asa/AST-2007-020.html"
},
{
"name": "25392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25392"
},
{
"name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html"
},
{
"name": "asterisk-sip-dialoghistory-dos(36145)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145"
},
{
"name": "26553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26553"
},
{
"name": "1018595",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018595"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3047",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3047"
},
{
"name": "ADV-2007-2953",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2953"
},
{
"name": "http://downloads.digium.com/pub/asa/AST-2007-020.html",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/asa/AST-2007-020.html"
},
{
"name": "25392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25392"
},
{
"name": "20070821 AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2007/Aug/0393.html"
},
{
"name": "asterisk-sip-dialoghistory-dos(36145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36145"
},
{
"name": "26553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26553"
},
{
"name": "1018595",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018595"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4455",
"datePublished": "2007-08-22T01:00:00.000Z",
"dateReserved": "2007-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4280 (GCVE-0-2007-4280)
Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 14:46
VLAI
Summary
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/2808 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/26340 | third-party-advisoryx_refsource_SECUNIA |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/25228 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018536 | vdb-entryx_refsource_SECTRACK |
Date Public
2007-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:39.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2808"
},
{
"name": "26340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26340"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
},
{
"name": "asterisk-skinny-channel-dos(35870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
},
{
"name": "25228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25228"
},
{
"name": "1018536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2808",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2808"
},
{
"name": "26340",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26340"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
},
{
"name": "asterisk-skinny-channel-dos(35870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
},
{
"name": "25228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25228"
},
{
"name": "1018536",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2808",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2808"
},
{
"name": "26340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26340"
},
{
"name": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf",
"refsource": "CONFIRM",
"url": "http://downloads.digium.com/pub/asa/ASA-2007-019.pdf"
},
{
"name": "asterisk-skinny-channel-dos(35870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35870"
},
{
"name": "25228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25228"
},
{
"name": "1018536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4280",
"datePublished": "2007-08-09T21:00:00.000Z",
"dateReserved": "2007-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:46:39.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3762 (GCVE-0-2007-3762)
Vulnerability from cvelistv5 – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200802-11.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29051 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.gentoo.org/show_bug.cgi?id=185713 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
| http://www.debian.org/security/2007/dsa-1358 | vendor-advisoryx_refsource_DEBIAN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://ftp.digium.com/pub/asa/ASA-2007-014.pdf | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24949 | vdb-entryx_refsource_BID |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "asterisk-iax2channeldriver-bo(35466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35466"
},
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-014.pdf"
},
{
"name": "24949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3762",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3764 (GCVE-0-2007-3764)
Vulnerability from cvelistv5 – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24950 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200802-11.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29051 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.gentoo.org/show_bug.cgi?id=185713 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
| http://ftp.digium.com/pub/asa/ASA-2007-016.pdf | x_refsource_CONFIRM |
| http://www.debian.org/security/2007/dsa-1358 | vendor-advisoryx_refsource_DEBIAN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "asterisk-skinny-driver-dos(35478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "asterisk-skinny-driver-dos(35478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "asterisk-skinny-driver-dos(35478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35478"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-016.pdf"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3764",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3765 (GCVE-0-2007-3765)
Vulnerability from cvelistv5 – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24950 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://ftp.digium.com/pub/asa/ASA-2007-017.pdf | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
},
{
"name": "asterisk-stun-dos(35480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
},
{
"name": "asterisk-stun-dos(35480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
},
{
"name": "asterisk-stun-dos(35480)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3765",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3763 (GCVE-0-2007-3763)
Vulnerability from cvelistv5 – Published: 2007-07-18 17:00 – Updated: 2024-08-07 14:28
VLAI
Summary
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://ftp.digium.com/pub/asa/ASA-2007-015.pdf | x_refsource_CONFIRM |
| http://secunia.com/advisories/26099 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24950 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1018407 | vdb-entryx_refsource_SECTRACK |
| http://security.gentoo.org/glsa/glsa-200802-11.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29051 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.gentoo.org/show_bug.cgi?id=185713 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/2563 | vdb-entryx_refsource_VUPEN |
| http://www.debian.org/security/2007/dsa-1358 | vendor-advisoryx_refsource_DEBIAN |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
Date Public
2007-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-07-27T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
},
{
"name": "26099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf",
"refsource": "CONFIRM",
"url": "http://ftp.digium.com/pub/asa/ASA-2007-015.pdf"
},
{
"name": "26099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26099"
},
{
"name": "24950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24950"
},
{
"name": "1018407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018407"
},
{
"name": "GLSA-200802-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-11.xml"
},
{
"name": "29051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29051"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=185713",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=185713"
},
{
"name": "ADV-2007-2563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2563"
},
{
"name": "DSA-1358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1358"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3763",
"datePublished": "2007-07-18T17:00:00.000Z",
"dateReserved": "2007-07-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:28:52.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}