FKIE_CVE-2006-5445

Vulnerability from fkie_nvd - Published: 2006-10-23 17:07 - Updated: 2026-04-23 00:35
Severity
Summary
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
References
cve@mitre.orghttp://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13Patch
cve@mitre.orghttp://secunia.com/advisories/22651
cve@mitre.orghttp://secunia.com/advisories/22979
cve@mitre.orghttp://www.asterisk.org/node/109Patch
cve@mitre.orghttp://www.asterisk.org/node/110Patch
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_69_asterisk.html
cve@mitre.orghttp://www.osvdb.org/29973
cve@mitre.orghttp://www.securityfocus.com/archive/1/449183/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/20835
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4098
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29664
af854a3a-2127-422b-91ae-364da2661108http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22651
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22979
af854a3a-2127-422b-91ae-364da2661108http://www.asterisk.org/node/109Patch
af854a3a-2127-422b-91ae-364da2661108http://www.asterisk.org/node/110Patch
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29973
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449183/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20835
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4098
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29664
Impacted products
Vendor Product Version
digium asterisk 1.2.0_beta1
digium asterisk 1.2.0_beta2
digium asterisk 1.2.6
digium asterisk 1.2.7
digium asterisk 1.2.8
digium asterisk 1.2.9
digium asterisk 1.2.10
digium asterisk 1.2.11
digium asterisk 1.2.12
digium asterisk 1.2.12.1
digium asterisk 1.4.0
digium asterisk 1.4.0_beta1
digium asterisk 1.4.0_beta2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4042CC21-F3CB-4C77-9E60-AF8AA9A191C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C656168D-7D6A-4E84-9196-A8B170E1F7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C619138A-557F-419E-9832-D0FB0E9042C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6656EA0-4D4F-4251-A30F-48375C5CE3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AAD9104-BA4A-478F-9B56-195E0F9A7DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F06C361-D7DF-474B-A835-BA8886C11A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "175954A5-E712-41B8-BC11-4F999343063D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF9E41E-8FE6-4396-A5D4-D4568600FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4457486F-E9B4-46B8-A05D-3B32F8B639A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69417F54-D92F-46FB-9BFA-995211279C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E56DB29-571D-4615-B347-38CF4590E463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B909947-44E3-463E-9FAD-76C8E21A54E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB2F8AA-B70B-4280-BDBD-023037C16D70",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el controlador de canal SIP  (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de vectores no especificados que resultan en la creaci\u00f3n de una \"estructura pvt real\" que usa m\u00e1s recursos de los necesarios."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nDigium, Asterisk, 1.4.0-beta2\r\nDigium, Asterisk, 1.2.13",
  "id": "CVE-2006-5445",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-23T17:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22979"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29973"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20835"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4098"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.asterisk.org/node/110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_69_asterisk.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449183/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29664"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.