Lucene search

[email protected]CVE-2007-2293

HistoryApr 26, 2007 - 8:19 p.m.

CVE-2007-2293

2007-04-2620:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2293

asterisk

sip

buffer overflow

code execution

nvd

7.9 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.4%

JSON

Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.

CPENameOperatorVersion
asterisk:asteriskasteriskeq1.4_beta
asterisk:asteriskasteriskeq1.4.2
asterisk:asteriskasteriskeq1.4.1

CPE	Name	Operator	Version
asterisk:asterisk	asterisk	eq	1.4_beta
asterisk:asterisk	asterisk	eq	1.4.2
asterisk:asterisk	asterisk	eq	1.4.1

References

secunia.com/advisories/24977

securityreason.com/securityalert/2645

www.asterisk.org/files/ASA-2007-010.pdf

www.osvdb.org/35368

www.securityfocus.com/archive/1/466883/100/0/threaded

www.securityfocus.com/archive/1/472804/100/0/threaded

www.securityfocus.com/bid/23648

www.securitytracker.com/id?1017951

www.securitytracker.com/id?1018337

www.vupen.com/english/advisories/2007/1534

exchange.xforce.ibmcloud.com/vulnerabilities/33895

7.9 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.4%

JSON

Related for CVE-2007-2293

nessus1 prion1 ubuntucve1 debiancve1