PT-2007-5471 · Digium · Asterisknow+3

Published

2007-08-09

Updated

2017-07-29

CVE-2007-4280

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions prior to 1.4.10 AsteriskNOW versions prior to beta7 Appliance Developer Kit versions prior to 0.7.0 Appliance s800i versions prior to 1.0.3

Description The issue allows remote authenticated users to cause a denial of service, resulting in an application crash. This is achieved by sending a CAPABILITIES RES MESSAGE packet with a capabilities count larger than the capabilities res message array population.

Recommendations For Asterisk Open Source versions prior to 1.4.10, update to version 1.4.10 or later. For AsteriskNOW versions prior to beta7, update to beta7 or later. For Appliance Developer Kit versions prior to 0.7.0, update to version 0.7.0 or later. For Appliance s800i versions prior to 1.0.3, update to version 1.0.3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4280

Affected Products

Appliance Developer Kit

Appliance S800I

Asterisk Open Source

Asterisknow

PT-2007-5471 · Digium · Asterisknow+3

CVE-2007-4280

Related Identifiers

Affected Products

References · 11