CVE-2007-2293 – Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-2293
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. Múltiples desbordamientos de búfer basados en pila en la función process_sdp del chan_sip.c en el en el analizador sintáctico SIP channel T.38 del Asterisk, anterior al 1.4.3. permiten a atacantes remotos ejecutar código de su elección mediante un parámetro largo (1) T38FaxRateManagement o (2) T38FaxUdpEC SDP en el mensaje SIP, como lo demostrado usando SIP INVITE. • https://www.exploit-db.com/exploits/29900 https://www.exploit-db.com/exploits/29901 http://secunia.com/advisories/24977 http://securityreason.com/securityalert/2645 http://www.asterisk.org/files/ASA-2007-010.pdf http://www.osvdb.org/35368 http://www.securityfocus.com/archive/1/466883/100/0/threaded http://www.securityfocus.com/archive/1/472804/100/0/threaded http://www.securityfocus.com/bid/23648 http://www.securitytracker.com/id?1017951 http://www.securitytracker.com •
CVE-2007-2297
https://notcve.org/view.php?id=CVE-2007-2297
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). El SIP channel driver (chan_sip) del Asterisk anterior al 1.2.18 y el 1.4.x anterior al 1.4.3 no analiza sintácticamente de forma correcta los paquetes SIP UDP que no contienen un código de respuesta válido, lo que permite a atacantes remotos provocar una denegación de servicio (caída). • http://bugs.digium.com/view.php?id=9313 http://secunia.com/advisories/25582 http://securityreason.com/securityalert/2644 http://www.asterisk.org/files/ASA-2007-011.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.securityfocus.com/archive/1/466882/100/0/threaded http://www.securityfocus.com/bid/24359 http://www.securitytracker.com/id?1017954 https://exchange.xforce.ibmcloud.com/vulnerabilities/3 •
CVE-2007-1594
https://notcve.org/view.php?id=CVE-2007-1594
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. La función handle_response en chan_sip.c de Asterisk before 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una respuesta SIP código 0 en un paquete SIP. • http://bugs.digium.com/view.php?id=9313 http://secunia.com/advisories/24579 http://secunia.com/advisories/24719 http://secunia.com/advisories/25582 http://security.gentoo.org/glsa/glsa-200704-01.xml http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html http://www.asterisk.org/node/48338 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.sec •