Denial of Service in Asterisk STUN Implementation by Digium
CVE-2007-3765

Currently unrated

Key Information:

Vendor: Asterisk
Status: Asterisk; Asterisknow; Asterisk Appliance Developer Kit
Vendor: CVE Published:; 18 July 2007

Summary

The STUN implementation in multiple versions of Asterisk, including Asterisk 1.4.x prior to 1.4.8 and other related products, allows remote attackers to trigger a denial of service by sending specially crafted STUN packets. This vulnerability could lead to crashes, impacting the availability of the affected systems and services.

References

http://secunia.com/advisories/26099

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/24950

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1018407

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 18, 2007
Vulnerability Reserved
Jul 13, 2007