CVSS: 7.8EPSS: 16%CPEs: 18EXPL: 0CVE-2007-2294
https://notcve.org/view.php?id=CVE-2007-2294
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. El Manager Interface en Asterisk anterior a 1.2.18 y 1.4.x anterior a 1.4.3 permite a atacantes remotos provocar denegación de servicio (caida) utilizando validación MD5 para validar a un usuario que no tiene definida una contraseña en manager.conf, dando como resultado un puntero no referencia NULL. • http://secunia.com/advisories/24977 http://secunia.com/advisories/25582 http://securityreason.com/securityalert/2646 http://www.asterisk.org/files/ASA-2007-012.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.osvdb.org/35369 http://www.securityfocus.com/archive/1/466911/100/0/threaded http://www.securityfocus.com/bid/23649 http://www.securitytracker.com/id?1017955 http://www.vupen.com/ •
CVSS: 7.6EPSS: 95%CPEs: 3EXPL: 3CVE-2007-2293 – Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-2293
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. Múltiples desbordamientos de búfer basados en pila en la función process_sdp del chan_sip.c en el en el analizador sintáctico SIP channel T.38 del Asterisk, anterior al 1.4.3. permiten a atacantes remotos ejecutar código de su elección mediante un parámetro largo (1) T38FaxRateManagement o (2) T38FaxUdpEC SDP en el mensaje SIP, como lo demostrado usando SIP INVITE. • https://www.exploit-db.com/exploits/29900 https://www.exploit-db.com/exploits/29901 http://secunia.com/advisories/24977 http://securityreason.com/securityalert/2645 http://www.asterisk.org/files/ASA-2007-010.pdf http://www.osvdb.org/35368 http://www.securityfocus.com/archive/1/466883/100/0/threaded http://www.securityfocus.com/archive/1/472804/100/0/threaded http://www.securityfocus.com/bid/23648 http://www.securitytracker.com/id?1017951 http://www.securitytracker.com •
CVSS: 7.8EPSS: 93%CPEs: 37EXPL: 0CVE-2007-1594
https://notcve.org/view.php?id=CVE-2007-1594
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. La función handle_response en chan_sip.c de Asterisk before 1.2.17 y 1.4.x versiones anteriores a 1.4.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante una respuesta SIP código 0 en un paquete SIP. • http://bugs.digium.com/view.php?id=9313 http://secunia.com/advisories/24579 http://secunia.com/advisories/24719 http://secunia.com/advisories/25582 http://security.gentoo.org/glsa/glsa-200704-01.xml http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html http://www.asterisk.org/node/48338 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.sec •