CVE-2007-1306 - Remote Denial of Service vulnerability in Asterisk SIP Channel Driver

CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Tags: network, low complexity, digium, nessus, exploit available

Summary

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Weakness classification: CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html)

Exploit-Db

description: Asterisk <= 1.2.15 / 1.4.0 pre-auth Remote Denial of Service Exploit. CVE-2007-1306. DoS exploits for multiple platforms
id: EDB-ID:3407
last seen: 2016-01-31
modified: 2007-03-04
published: 2007-03-04
reporter: fbffff
source: https://www.exploit-db.com/download/3407/
title: Asterisk <= 1.2.15 / 1.4.0 pre-auth Remote Denial of Service Exploit

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200703-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200703-14 (Asterisk: SIP Denial of Service). The MU Security Research Team discovered that Asterisk contains a NULL pointer dereferencing error in the SIP channel when handling request messages. Impact: A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP request message. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24839
    published: 2007-03-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24839
    title: GLSA-200703-14 : Asterisk: SIP Denial of Service
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1358.NASL
    description: Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-1306
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25938
    published: 2007-08-28
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25938
    title: Debian DSA-1358-1 : asterisk - several vulnerabilities