Denial of Service Vulnerability in Asterisk Open Source and Appliances
CVE-2007-4280

Currently unrated

Key Information:

Vendor
Asterisk
Status
S800i
Asterisk
Asterisk Appliance Developer Kit
Asterisknow
Vendor
CVE Published:
9 August 2007

Summary

The Skinny channel driver (chan_skinny) in various versions of Asterisk Open Source and its appliances allows authenticated remote users to trigger a denial of service. This occurs by sending a specially crafted CAPABILITIES_RES_MESSAGE packet that exceeds the allocated capabilities_res_message array, resulting in an application crash. Administrators should ensure that their Asterisk systems are updated to the latest versions to mitigate this vulnerability.

References

http://www.vupen.com/english/advisories/2007/2808
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/26340
third-party-advisoryx_refsource_SECUNIA
http://downloads.digium.com/pub/asa/ASA-2007-019.pdf
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2007-4280 : Denial of Service Vulnerability in Asterisk Open Source and Appliances | SecurityVulnerability.io