Vulnerabilities > CVE-2007-4521 - Remote Denial of Service vulnerability in Asterisk Malformed MIME Body

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

asterisk

NVD

Published: 2007-08-28

Updated: 2018-10-15

Summary

Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.

Vulnerable Configurations

Part	Description	Count
Application	Asterisk Asterisk Asterisk 1.4.5 Asterisk Asterisk 1.4.6 Asterisk Asterisk 1.4.7 Asterisk Asterisk 1.4.8 Asterisk Asterisk 1.4.9 Asterisk Asterisk 1.4.10 Asterisk Asterisk 1.4.11	7

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 25438 CVE(CAN) ID: CVE-2007-4521 Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk在处理畸形格式的MIME数据时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用。如果将Asterisk配置为使用IMAP做为其语音邮件的后端存储的话，则发送给用户的带有畸形MIME体的邮件会导致用户在使用电话听取语音邮件时Asterisk出现崩溃。 Asterisk Asterisk 1.4.5 - 1.4.11 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href="http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html%7C" target="_blank">http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html%7C</a>
id	SSV:2179
last seen	2017-11-19
modified	2007-08-29
published	2007-08-29
reporter	Root
title	Asterisk畸形MIME体远程拒绝服务漏洞

Summary

Vulnerable Configurations

Seebug

References