Information security


Multiple vulnerabilities in the Asterisk voice server (multiple bugs)
Published: 19 July 2007
Source:
SecurityVulns ID: 7943
Type: remote
Severity: 7/10
Description: Buffer overflow and DoS when parsing IAX2; DoS when parsing the Skinny and STUN protocols.
Affected products: ASTERISK : Asterisk 1.2
 DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk s800i
CVE: CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.)
 CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy.")
 CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.)
 CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.)
Original text: ASTERISK, ASA-2007-017: Remote Crash Vulnerability in STUN implementation (19.07.2007)
 ASTERISK, ASA-2007-016: Remote crash vulnerability in Skinny channel driver (19.07.2007)
 ASTERISK, ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver (19.07.2007)
 ASTERISK, ASA-2007-014: Stack buffer overflow in IAX2 channel driver (19.07.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod