fkie_nvd - fkie_cve-2007-3765

fkie_cve-2007-3765

Vulnerability from fkie_nvd

Published

2007-07-18 17:30

Modified

2024-11-21 00:34

Severity ?

Summary

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.

References

URL	Tags
cve@mitre.org	http://ftp.digium.com/pub/asa/ASA-2007-017.pdf	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/26099
cve@mitre.org	http://www.securityfocus.com/bid/24950
cve@mitre.org	http://www.securitytracker.com/id?1018407
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2563
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35480
af854a3a-2127-422b-91ae-364da2661108	http://ftp.digium.com/pub/asa/ASA-2007-017.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26099
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24950
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018407
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2563
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35480

Impacted products

Vendor	Product	Version
asterisk	asterisk	1.0
asterisk	asterisk	1.0.6
asterisk	asterisk	1.0.7
asterisk	asterisk	1.0.8
asterisk	asterisk	1.0.9
asterisk	asterisk	1.0.10
asterisk	asterisk	1.0.11
asterisk	asterisk	1.0.12
asterisk	asterisk	1.2.0_beta1
asterisk	asterisk	1.2.0_beta2
asterisk	asterisk	1.2.5
asterisk	asterisk	1.2.6
asterisk	asterisk	1.2.7
asterisk	asterisk	1.2.8
asterisk	asterisk	1.2.9
asterisk	asterisk	1.2.10
asterisk	asterisk	1.2.11
asterisk	asterisk	1.2.12
asterisk	asterisk	1.2.13
asterisk	asterisk	1.2.14
asterisk	asterisk	1.2.15
asterisk	asterisk	1.2.16
asterisk	asterisk	1.2.17
asterisk	asterisk	1.4.1
asterisk	asterisk	1.4.2
asterisk	asterisk	1.4.4_2007-04-27
asterisk	asterisk	1.4_beta
asterisk	asterisk	a
asterisk	asterisk	b.1.3.2
asterisk	asterisk	b.1.3.3
asterisk	asterisk	b.2.2.0
asterisk	asterisk_appliance_developer_kit	*
asterisk	asterisknow	beta_5
asterisk	asterisknow	beta_6
asterisk	s800i_appliance	1.0
asterisk	s800i_appliance	1.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F50B72-EFB3-448F-A2B8-C2BE4D4BF341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "69BE50A7-FCA8-470A-B212-A516224306EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E306F943-ECA2-41C8-8C5D-F6A3D68ECE79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C309D90-24ED-4DC7-A770-783A7E28705F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6DFD0D-86CE-4423-A0F4-C3581F916038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255177-4EB2-47F5-8B3A-F6164C3C8173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2145ECD7-D734-4D58-8474-2F38DF9DB94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C3AAB7-EA93-40BA-8ADE-380DA3520747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97310AF-E163-4C4F-A0BE-2940A67C336B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A7A018-4EB6-4C15-9A22-E4299A6919C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A7F90E-4600-4058-BB10-E39BE8F4968F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722AD0B-B329-4DA3-A251-A18DD6EE505E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B8E66C-B2EB-4F1F-9226-07A957885D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD3CBC1-1371-440A-9EA1-7495A4FA2C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4841AD-96B7-4518-AC3E-3D23C88C083B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C89A173C-C64A-440F-BCC6-EDE692521171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C716CAB8-5F2D-44DA-982B-3A47B3B59A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FABB45-93A9-49BB-93DA-D13305E2FF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F82331-A7C1-4166-AE45-A83BD7FC3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A10E99-3A8C-430A-8FB6-4A55E01A00E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DF84B2-A104-4FA2-8B02-D243D76ACEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4BA2270-DF93-48FB-A90F-DFBFED05F051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FE0264-95E4-4B75-8904-369035DEA2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "593AA737-5AF3-4F7C-B74B-D3F37701C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D942B911-979A-4AC3-93D6-07E420171E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*",
              "matchCriteriaId": "465DB1C7-D5DD-4A2D-8506-8642AB8363C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "181C8E98-2138-4BFC-B6B0-1DA270AEE7F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*",
              "matchCriteriaId": "C6702046-43CF-4C84-9F76-24716C9F7D20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*",
              "matchCriteriaId": "524CF00B-1B36-4C1F-80B4-28349891669B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*",
              "matchCriteriaId": "2942FA48-42CE-4E67-A5BF-7852652EDE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*",
              "matchCriteriaId": "4160A834-9194-474C-819B-60627E470D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C150564-406F-4B49-AEF8-0F2887738E4D",
              "versionEndIncluding": "0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B12A09BE-1EE0-46D5-B3F0-E8847409A49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5A734E-1DD3-4924-8AC1-97048FA3270F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9282AC42-E98A-4BC2-B46D-15B5776C961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83DBFD69-2500-46C1-827C-1493CF896F49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n STUN en Asterisk 1.4.x anterior a 1.4.8, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de una longitud de atributo manipulado STUN en un paquete STUN enviado a un puerto RTP."
    }
  ],
  "id": "CVE-2007-3765",
  "lastModified": "2024-11-21T00:34:00.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-18T17:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ftp.digium.com/pub/asa/ASA-2007-017.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35480"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-3765

Vulnerability from cvelistv5

Published

2007-07-18 17:00

Modified

2024-08-07 14:28