PT-2007-5004 · Digium+1 · Asterisk Appliance Developer Kit+4
Published
2007-07-18
·
Updated
2011-03-08
·
CVE-2007-3763
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk versions prior to 1.2.22
Asterisk versions 1.4.x prior to 1.4.8
Asterisk Business Edition versions prior to B.2.2.1
AsteriskNOW versions prior to beta7
Asterisk Appliance Developer Kit versions prior to 0.5.0
s800i versions prior to 1.0.2
Description
The issue allows remote attackers to cause a denial of service (crash) via a crafted frame that contains information elements of IAX frames, resulting in a NULL pointer dereference when the software does not properly set an associated variable. This can occur through a crafted (1) LAGRQ or (2) LAGRP frame.
Recommendations
For Asterisk versions prior to 1.2.22, update to version 1.2.22 or later.
For Asterisk versions 1.4.x prior to 1.4.8, update to version 1.4.8 or later.
For Asterisk Business Edition versions prior to B.2.2.1, update to version B.2.2.1 or later.
For AsteriskNOW versions prior to beta7, update to beta7 or later.
For Asterisk Appliance Developer Kit versions prior to 0.5.0, update to version 0.5.0 or later.
For s800i versions prior to 1.0.2, update to version 1.0.2 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Asterisk
Asterisk Appliance Developer Kit
Asterisk Business Edition
Asterisknow
S800I