CVE-2006-5445

Asterisk Denial of Service

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

Vulnerabilidad no especificada en el controlador de canal SIP (channels/chan_sip.c) en ASterisk 1.2.x anteriores a 1.2.13 y 1.4.x aneriores a 1.4.0-beta3 permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de vectores no especificados que resultan en la creación de una "estructura pvt real" que usa más recursos de los necesarios.

A vulnerability exists in the SIP channel driver (channels/chan_sip.c) in all versions of Asterisk prior to 1.2.13. Local and remote attackers are able to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-10-23 CVE Reserved
2006-10-23 CVE Published
2024-08-07 CVE Updated
2025-06-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
http://secunia.com/advisories/22651	Third Party Advisory
http://secunia.com/advisories/22979	Third Party Advisory
http://www.osvdb.org/29973	Vdb Entry
http://www.securityfocus.com/bid/20835	Vdb Entry
http://www.vupen.com/english/advisories/2006/4098	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29664	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13	2018-10-17
http://www.asterisk.org/node/109	2018-10-17
http://www.asterisk.org/node/110	2018-10-17

URL	Date	SRC
http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml	2018-10-17
http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	2018-10-17
http://www.securityfocus.com/archive/1/449183/100/0/threaded	2018-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.0_beta1 Search vendor "Digium" for product "Asterisk" and version "1.2.0_beta1"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.0_beta2 Search vendor "Digium" for product "Asterisk" and version "1.2.0_beta2"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.6 Search vendor "Digium" for product "Asterisk" and version "1.2.6"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.7 Search vendor "Digium" for product "Asterisk" and version "1.2.7"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.8 Search vendor "Digium" for product "Asterisk" and version "1.2.8"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.9 Search vendor "Digium" for product "Asterisk" and version "1.2.9"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.10 Search vendor "Digium" for product "Asterisk" and version "1.2.10"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.11 Search vendor "Digium" for product "Asterisk" and version "1.2.11"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.12 Search vendor "Digium" for product "Asterisk" and version "1.2.12"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.2.12.1 Search vendor "Digium" for product "Asterisk" and version "1.2.12.1"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.4.0 Search vendor "Digium" for product "Asterisk" and version "1.4.0"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.4.0_beta1 Search vendor "Digium" for product "Asterisk" and version "1.4.0_beta1"		-		Affected
Digium Search vendor "Digium"		Asterisk Search vendor "Digium" for product "Asterisk"				1.4.0_beta2 Search vendor "Digium" for product "Asterisk" and version "1.4.0_beta2"		-		Affected