Page 8 of 43 results (0.004 seconds)

CVSS: 7.8EPSS: 16%CPEs: 13EXPL: 0

CVE-2007-2297

https://notcve.org/view.php?id=CVE-2007-2297

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). El SIP channel driver (chan_sip) del Asterisk anterior al 1.2.18 y el 1.4.x anterior al 1.4.3 no analiza sintácticamente de forma correcta los paquetes SIP UDP que no contienen un código de respuesta válido, lo que permite a atacantes remotos provocar una denegación de servicio (caída). • http://bugs.digium.com/view.php?id=9313 http://secunia.com/advisories/25582 http://securityreason.com/securityalert/2644 http://www.asterisk.org/files/ASA-2007-011.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.securityfocus.com/archive/1/466882/100/0/threaded http://www.securityfocus.com/bid/24359 http://www.securitytracker.com/id?1017954 https://exchange.xforce.ibmcloud.com/vulnerabilities/3 •

CVSS: 7.8EPSS: 93%CPEs: 37EXPL: 0

CVE-2007-1594

https://notcve.org/view.php?id=CVE-2007-1594

The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. La función handle_response en chan_sip.c de Asterisk before 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una respuesta SIP código 0 en un paquete SIP. • http://bugs.digium.com/view.php?id=9313 http://secunia.com/advisories/24579 http://secunia.com/advisories/24719 http://secunia.com/advisories/25582 http://security.gentoo.org/glsa/glsa-200704-01.xml http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html http://www.asterisk.org/node/48338 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.sec •

CVSS: 7.8EPSS: 95%CPEs: 18EXPL: 1

CVE-2007-1306 – Asterisk 1.2.15/1.4.0 - Remote Denial of Service

https://notcve.org/view.php?id=CVE-2007-1306

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. Asterisk versiones 1.4 anteriores a 1.4.1 y versiones 1.2 anteriores a 1.2.16, permite a atacantes remotos causar una denegación de servicio (bloqueo) enviando un paquete de Session Initiation Protocol (SIP) sin una URI y Encabezado SIP-version, lo que resulta en una desreferencia del puntero NULL. • https://www.exploit-db.com/exploits/3407 http://asterisk.org/node/48319 http://asterisk.org/node/48320 http://labs.musecurity.com/advisories/MU-200703-01.txt http://secunia.com/advisories/24380 http://secunia.com/advisories/24578 http://secunia.com/advisories/25582 http://security.gentoo.org/glsa/glsa-200703-14.xml http://www.debian.org/security/2007/dsa-1358 http://www.kb.cert.org/vuls/id/228032 http://www.novell.com/linux/security/advisories/2007_34_asterisk •

CVSS: 7.8EPSS: 84%CPEs: 13EXPL: 0

CVE-2006-5445

https://notcve.org/view.php?id=CVE-2006-5445

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. Vulnerabilidad no especificada en el controlador de canal SIP (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de vectores no especificados que resultan en la creación de una "estructura pvt real" que usa más recursos de los necesarios. • http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://secunia.com/advisories/22651 http://secunia.com/advisories/22979 http://www.asterisk.org/node/109 http://www.asterisk.org/node/110 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.novell.com/linux/security/advisories/2006_69_asterisk.html http://www.osvdb.org/29973 http://www.securityfocus.com/archive/1/449183/100/0/threaded http://www.securityfocus.com/bid/20835 http: •

CVSS: 7.5EPSS: 96%CPEs: 26EXPL: 2

CVE-2006-5444 – Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)

https://notcve.org/view.php?id=CVE-2006-5444

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Desbordamiento de entero en la función get_input en el controlador de canal Skinny (chan_skinny.c) en Asterisk 1.0.x anteriores a 1.0.12 y 1.2.x anteriores a 1.2.13, utilizados en los teléfonos Cisco SCCP, permite a atacantes remotos ejecutar código de su elección mediante un cierto valor dlen que pasa una comparación de entero con signo y lleva a un desbordamiento de búfer basado en montón. • https://www.exploit-db.com/exploits/2597 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html http://secunia.com/advisories/22480 http://secunia.com/advisories/22651 http://secunia.com/advisories/22979 http://secunia.com/advisories/23212 http://securitytracker.com/id?1017089 http://www.asterisk.org/node/109 http://www.gent •