Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-2297

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

Related bugs and status

CVE-2007-2297 (Candidate) is related to these bugs:

Bug #110066: Multiple security holes in Asterisk

		In	Importance	Status
110066	Multiple security holes in Asterisk	asterisk (Ubuntu)	High	Fix Released
110066	Multiple security holes in Asterisk	asterisk (Ubuntu Edgy)	High	Fix Released
110066	Multiple security holes in Asterisk	asterisk (Ubuntu Feisty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.digium.com...
CONFIRM: http://www.asterisk.or...
SECTRACK: 1017954
SUSE: SUSE-SA:2007:034
BID: 24359
SECUNIA: 25582
SREASON: 2644
DEBIAN: DSA-1358
XF: asterisk-sip-response-...
BUGTRAQ: 20070425 ASA-2007-011:...