PT-2007-5006 · Digium+1 · Asterisknow+3
Published
2007-07-18
·
Updated
2017-07-29
·
CVE-2007-3765
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk versions 1.4.x through 1.4.7
AsteriskNOW versions prior to beta7
Appliance Developer Kit versions prior to 0.5.0
s800i versions prior to 1.0.2
Description
The issue allows remote attackers to cause a denial of service, resulting in a crash. This is achieved by sending a crafted STUN packet with a malicious STUN length attribute on an RTP port.
Recommendations
For Asterisk versions 1.4.x through 1.4.7, update to version 1.4.8 or later.
For AsteriskNOW versions prior to beta7, update to beta7 or later.
For Appliance Developer Kit versions prior to 0.5.0, update to version 0.5.0 or later.
For s800i versions prior to 1.0.2, update to version 1.0.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Appliance Developer Kit
Asterisk
Asterisknow
S800I