Launchpad.net

CVE 2007-2294

The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.

Related bugs and status

CVE-2007-2294 (Candidate) is related to these bugs:

Bug #110066: Multiple security holes in Asterisk

		In	Importance	Status
110066	Multiple security holes in Asterisk	asterisk (Ubuntu)	High	Fix Released
110066	Multiple security holes in Asterisk	asterisk (Ubuntu Edgy)	High	Fix Released
110066	Multiple security holes in Asterisk	asterisk (Ubuntu Feisty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.asterisk.or...
SECTRACK: 1017955
SECUNIA: 24977
BID: 23649
SUSE: SUSE-SA:2007:034
SECUNIA: 25582
OSVDB: 35369
SREASON: 2646
DEBIAN: DSA-1358
VUPEN: ADV-2007-1534
XF: asterisk-interface-dos...
BUGTRAQ: 20070425 ASA-2007-012:...