CVE-2007-1306 - Unspecified vulnerability in Digium Asterisk
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
Vulnerable Configurations
Exploit-Db
description | Asterisk <= 1.2.15 / 1.4.0 pre-auth Remote Denial of Service Exploit. CVE-2007-1306. Dos exploits for multiple platform |
id | EDB-ID:3407 |
last seen | 2016-01-31 |
modified | 2007-03-04 |
published | 2007-03-04 |
reporter | fbffff |
source | https://www.exploit-db.com/download/3407/ |
title | Asterisk <= 1.2.15 / 1.4.0 pre-auth Remote Denial of Service Exploit |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200703-14.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200703-14 (Asterisk: SIP Denial of Service). The MU Security Research Team discovered that Asterisk contains a NULL pointer dereferencing error in the SIP channel when handling request messages. Impact: A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP request message. Workaround: There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24839 |
published | 2007-03-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24839 |
title | GLSA-200703-14 : Asterisk: SIP Denial of Service |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1358.NASL |
description | Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1306 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25938 |
published | 2007-08-28 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25938 |
title | Debian DSA-1358-1 : asterisk - several vulnerabilities |
References
- http://asterisk.org/node/48319
- http://asterisk.org/node/48320
- http://www.kb.cert.org/vuls/id/228032
- http://www.securitytracker.com/id?1017723
- http://labs.musecurity.com/advisories/MU-200703-01.txt
- http://security.gentoo.org/glsa/glsa-200703-14.xml
- http://www.securityfocus.com/bid/22838
- http://secunia.com/advisories/24380
- http://secunia.com/advisories/24578
- http://www.osvdb.org/33888
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
- http://secunia.com/advisories/25582
- http://www.vupen.com/english/advisories/2007/0830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32830