Vulnerabilities > CVE-2007-2297 - Unspecified vulnerability in Asterisk
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN asterisk
nessus
Summary
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_ASTERISK-3543.NASL description This update fixes multiple bugs that allowed attackers to remotely crash asterisk or cause an information leak (CVE-2007-1561, CVE-2007-1594, CVE-2007-1595, CVE-2007-2297, CVE-2007-2488). last seen 2020-06-01 modified 2020-06-02 plugin id 27157 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27157 title openSUSE 10 Security Update : asterisk (asterisk-3543) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update asterisk-3543. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27157); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-1561", "CVE-2007-1594", "CVE-2007-1595", "CVE-2007-2297", "CVE-2007-2488"); script_name(english:"openSUSE 10 Security Update : asterisk (asterisk-3543)"); script_summary(english:"Check for the asterisk-3543 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes multiple bugs that allowed attackers to remotely crash asterisk or cause an information leak (CVE-2007-1561, CVE-2007-1594, CVE-2007-1595, CVE-2007-2297, CVE-2007-2488)." ); script_set_attribute( attribute:"solution", value:"Update the affected asterisk package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"asterisk-1.2.5-12.12") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"asterisk-1.2.13-23") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1358.NASL description Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1306 last seen 2020-06-01 modified 2020-06-02 plugin id 25938 published 2007-08-28 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25938 title Debian DSA-1358-1 : asterisk - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1358. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(25938); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-1306", "CVE-2007-1561", "CVE-2007-2294", "CVE-2007-2297", "CVE-2007-2488", "CVE-2007-3762", "CVE-2007-3763", "CVE-2007-3764"); script_xref(name:"DSA", value:"1358"); script_name(english:"Debian DSA-1358-1 : asterisk - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1306 'Mu Security' discovered that a NULL pointer dereference in the SIP implementation could lead to denial of service. - CVE-2007-1561 Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service. - CVE-2007-2294 It was discovered that a NULL pointer dereference in the manager interface could lead to denial of service. - CVE-2007-2297 It was discovered that a programming error in the SIP implementation could lead to denial of service. - CVE-2007-2488 Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure. - CVE-2007-3762 Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code. - CVE-2007-3763 Chris Clark and Zane Lackey discovered that several NULL pointer dereferences in the IAX2 implementation could lead to denial of service. - CVE-2007-3764 Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-1306" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-1561" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-2294" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-2297" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-2488" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3762" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3763" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-3764" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2007/dsa-1358" ); script_set_attribute( attribute:"solution", value: "Upgrade the Asterisk packages. For the oldstable distribution (sarge) these problems have been fixed in version 1.0.7.dfsg.1-2sarge5. For the stable distribution (etch) these problems have been fixed in version 1:1.2.13~dfsg-2etch1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"asterisk", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-config", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-dev", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-doc", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-gtk-console", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-h323", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-sounds-main", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"3.1", prefix:"asterisk-web-vmail", reference:"1.0.7.dfsg.1-2sarge5")) flag++; if (deb_check(release:"4.0", prefix:"asterisk", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-bristuff", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-classic", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-config", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-dev", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-doc", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-h323", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-sounds-main", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (deb_check(release:"4.0", prefix:"asterisk-web-vmail", reference:"1:1.2.13~dfsg-2etch1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://bugs.digium.com/view.php?id=9313
- http://bugs.digium.com/view.php?id=9313
- http://secunia.com/advisories/25582
- http://secunia.com/advisories/25582
- http://securityreason.com/securityalert/2644
- http://securityreason.com/securityalert/2644
- http://www.asterisk.org/files/ASA-2007-011.pdf
- http://www.asterisk.org/files/ASA-2007-011.pdf
- http://www.debian.org/security/2007/dsa-1358
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
- http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
- http://www.securityfocus.com/archive/1/466882/100/0/threaded
- http://www.securityfocus.com/archive/1/466882/100/0/threaded
- http://www.securityfocus.com/bid/24359
- http://www.securityfocus.com/bid/24359
- http://www.securitytracker.com/id?1017954
- http://www.securitytracker.com/id?1017954
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33892
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33892