CVE-2007-4103

2007-07-31T00:00:00
ID UB:CVE-2007-4103
Type ubuntucve
Reporter ubuntu.com
Modified 2007-07-31T00:00:00

Description

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

Notes

Author| Note
---|---
fujitsu | Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 are affected.