Vulnerability CVE-2007-3762


Published: 2007-07-18   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Asterisk -> Asterisk 
Asterisk -> Asterisk appliance developer kit 
Asterisk -> Asterisknow 
Asterisk -> S800i appliance 

References:
http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
http://www.vupen.com/english/advisories/2007/2563
http://xforce.iss.net/xforce/xfdb/35466
http://www.securitytracker.com/id?1018407
http://www.securityfocus.com/bid/24949
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.debian.org/security/2007/dsa-1358
http://security.gentoo.org/glsa/glsa-200802-11.xml
http://secunia.com/advisories/29051
http://secunia.com/advisories/26099
http://bugs.gentoo.org/show_bug.cgi?id=185713

Copyright 2024, cxsecurity.com