PT-2007-5305 · Digium · Asterisk Appliance Developer Kit+1

Published: 2007-07-31 · Updated: 2024-02-08 · CVE-2007-4103

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Asterisk Open versions 1.2.x through 1.2.22
Asterisk Open versions 1.4.x through 1.4.8
Asterisk Appliance Developer Kit versions prior to 0.6.0

Description

The issue allows remote attackers to cause a denial of service through resource exhaustion. It occurs when the IAX2 channel driver is configured to allow unauthenticated calls and is flooded with calls that do not complete the 3-way handshake: each such call causes an ast_channel to be allocated but not released.

Recommendations

For Asterisk Open versions 1.2.x through 1.2.22, update to version 1.2.23 or later.
For Asterisk Open versions 1.4.x through 1.4.8, update to version 1.4.9 or later.
For Asterisk Appliance Developer Kit versions prior to 0.6.0, update to version 0.6.0 or later.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

CVE-2007-4103

Affected Products

Asterisk Appliance Developer Kit
Asterisk Open