CVE-2007-3762: Buffer Overflow
First published: Wed Jul 18 2007(Updated: )
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk | =1.0.11 | |
| Asterisk | =1.2.14 | |
| Asterisk | =1.2.16 | |
| Asterisk | =1.2.5 | |
| Asterisk | =b.1.3.3 | |
| Digium AsteriskNOW | =beta_6 | |
| Asterisk | =1.0.8 | |
| Digium AsteriskNOW | =beta_5 | |
| Asterisk | =1.4_beta | |
| Asterisk | =1.2.6 | |
| Asterisk | =1.2.7 | |
| Asterisk | =1.2.0_beta1 | |
| Asterisk | =1.0.12 | |
| Asterisk | =b.2.2.0 | |
| Asterisk | =1.2.8 | |
| Asterisk | =1.4.2 | |
| Asterisk | =1.2.15 | |
| Digium Asterisk Appliance Developer Kit | <=0.4 | |
| Asterisk | =1.2.17 | |
| Asterisk | =1.2.11 | |
| Asterisk | =1.2.12 | |
| Asterisk | =1.0.6 | |
| Asterisk | =1.0.9 | |
| Asterisk | =b.1.3.2 | |
| Asterisk | =1.2.10 | |
| Asterisk | =1.2.9 | |
| Asterisk | =1.0.7 | |
| Asterisk | =1.2.13 | |
| Asterisk | =1.2.0_beta2 | |
| Asterisk | =1.0 | |
| Asterisk | =1.4.1 | |
| Asterisk | =1.4.4_2007-04-27 | |
| Asterisk | =1.0.10 | |
| Asterisk | =a | |
| Digium Asterisk s800i Appliance | =1.0 | |
| Digium Asterisk s800i Appliance | =1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24949
- http://www.securitytracker.com/id?1018407
- http://secunia.com/advisories/26099
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://secunia.com/advisories/29051
- http://www.vupen.com/english/advisories/2007/2563
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35466
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/asterisk
- canonical/asterisk
- version/asterisk/1.0.11
- version/asterisk/1.2.14
- version/asterisk/1.2.16
- version/asterisk/1.2.5
- version/asterisk/b.1.3.3
- canonical/digium asterisknow
- version/digium asterisknow/beta_6
- version/asterisk/1.0.8
- version/digium asterisknow/beta_5
- version/asterisk/1.4_beta
- version/asterisk/1.2.6
- version/asterisk/1.2.7
- version/asterisk/1.2.0_beta1
- version/asterisk/1.0.12
- version/asterisk/b.2.2.0
- version/asterisk/1.2.8
- version/asterisk/1.4.2
- version/asterisk/1.2.15
- canonical/digium asterisk appliance developer kit
- version/digium asterisk appliance developer kit/0.4
- version/asterisk/1.2.17
- version/asterisk/1.2.11
- version/asterisk/1.2.12
- version/asterisk/1.0.6
- version/asterisk/1.0.9
- version/asterisk/b.1.3.2
- version/asterisk/1.2.10
- version/asterisk/1.2.9
- version/asterisk/1.0.7
- version/asterisk/1.2.13
- version/asterisk/1.2.0_beta2
- version/asterisk/1.0
- version/asterisk/1.4.1
- version/asterisk/1.4.4_2007-04-27
- version/asterisk/1.0.10
- version/asterisk/a
- canonical/digium asterisk s800i appliance
- version/digium asterisk s800i appliance/1.0
- version/digium asterisk s800i appliance/1.0.1