CVE-2007-4103
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.
El controlador de canal IAX2 (chan_iax2) de Asterisk Open 1.2.x anterior a 1.2.23, 1.4.x anterior a 1.4.9, y Asterisk Appliance Developer Kit anterior a 0.6.0, cuando está configurado para permitir llamadas no autenticadas, permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) mediante una inundación de llamadas que no completan la negociación de 3 pasos, lo cual provoca que se reserve un canal ast_channel pero no se libere.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-07-30 CVE Reserved
- 2007-07-31 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://osvdb.org/38197 | Broken Link | |
http://secunia.com/advisories/29051 | Broken Link | |
http://securityreason.com/securityalert/2960 | Broken Link | |
http://www.securityfocus.com/archive/1/475069/100/0/threaded | Broken Link | |
http://www.securityfocus.com/bid/24950 | Broken Link | |
http://www.securitytracker.com/id?1018472 | Broken Link | |
http://www.vupen.com/english/advisories/2007/2701 | Broken Link |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=185713 | 2024-02-08 | |
http://ftp.digium.com/pub/asa/ASA-2007-018.pdf | 2024-02-08 | |
http://secunia.com/advisories/26274 | 2024-02-08 |
URL | Date | SRC |
---|---|---|
http://security.gentoo.org/glsa/glsa-200802-11.xml | 2024-02-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 1.2.20 < 1.2.23 Search vendor "Digium" for product "Asterisk" and version " >= 1.2.20 < 1.2.23" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Search vendor "Digium" for product "Asterisk" | >= 1.4.0 < 1.4.9 Search vendor "Digium" for product "Asterisk" and version " >= 1.4.0 < 1.4.9" | - |
Affected
| ||||||
Digium Search vendor "Digium" | Asterisk Appliance Developer Kit Search vendor "Digium" for product "Asterisk Appliance Developer Kit" | < 0.6.0 Search vendor "Digium" for product "Asterisk Appliance Developer Kit" and version " < 0.6.0" | - |
Affected
|