CVE-2007-3762: Buffer Overflow
First published: Wed Jul 18 2007(Updated: )
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk Asterisk | =1.0.11 | |
| Asterisk Asterisk | =1.2.14 | |
| Asterisk Asterisk | =1.2.16 | |
| Asterisk Asterisk | =1.2.5 | |
| Asterisk Asterisk | =b.1.3.3 | |
| Asterisk Asterisknow | =beta_6 | |
| Asterisk Asterisk | =1.0.8 | |
| Asterisk Asterisknow | =beta_5 | |
| Asterisk Asterisk | =1.4_beta | |
| Asterisk Asterisk | =1.2.6 | |
| Asterisk Asterisk | =1.2.7 | |
| Asterisk Asterisk | =1.2.0_beta1 | |
| Asterisk Asterisk | =1.0.12 | |
| Asterisk Asterisk | =b.2.2.0 | |
| Asterisk Asterisk | =1.2.8 | |
| Asterisk Asterisk | =1.4.2 | |
| Asterisk Asterisk | =1.2.15 | |
| Asterisk Asterisk Appliance Developer Kit | <=0.4 | |
| Asterisk Asterisk | =1.2.17 | |
| Asterisk Asterisk | =1.2.11 | |
| Asterisk Asterisk | =1.2.12 | |
| Asterisk Asterisk | =1.0.6 | |
| Asterisk Asterisk | =1.0.9 | |
| Asterisk Asterisk | =b.1.3.2 | |
| Asterisk Asterisk | =1.2.10 | |
| Asterisk Asterisk | =1.2.9 | |
| Asterisk Asterisk | =1.0.7 | |
| Asterisk Asterisk | =1.2.13 | |
| Asterisk Asterisk | =1.2.0_beta2 | |
| Asterisk Asterisk | =1.0 | |
| Asterisk Asterisk | =1.4.1 | |
| Asterisk Asterisk | =1.4.4_2007-04-27 | |
| Asterisk Asterisk | =1.0.10 | |
| Asterisk Asterisk | =a | |
| Asterisk S800i Appliance | =1.0 | |
| Asterisk S800i Appliance | =1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
- http://www.debian.org/security/2007/dsa-1358
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24949
- http://www.securitytracker.com/id?1018407
- http://secunia.com/advisories/26099
- http://bugs.gentoo.org/show_bug.cgi?id=185713
- http://security.gentoo.org/glsa/glsa-200802-11.xml
- http://secunia.com/advisories/29051
- http://www.vupen.com/english/advisories/2007/2563
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35466
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/asterisk
- canonical/asterisk asterisk
- version/asterisk asterisk/1.0.11
- version/asterisk asterisk/1.2.14
- version/asterisk asterisk/1.2.16
- version/asterisk asterisk/1.2.5
- version/asterisk asterisk/b.1.3.3
- canonical/asterisk asterisknow
- version/asterisk asterisknow/beta_6
- version/asterisk asterisk/1.0.8
- version/asterisk asterisknow/beta_5
- version/asterisk asterisk/1.4_beta
- version/asterisk asterisk/1.2.6
- version/asterisk asterisk/1.2.7
- version/asterisk asterisk/1.2.0_beta1
- version/asterisk asterisk/1.0.12
- version/asterisk asterisk/b.2.2.0
- version/asterisk asterisk/1.2.8
- version/asterisk asterisk/1.4.2
- version/asterisk asterisk/1.2.15
- canonical/asterisk asterisk appliance developer kit
- version/asterisk asterisk appliance developer kit/0.4
- version/asterisk asterisk/1.2.17
- version/asterisk asterisk/1.2.11
- version/asterisk asterisk/1.2.12
- version/asterisk asterisk/1.0.6
- version/asterisk asterisk/1.0.9
- version/asterisk asterisk/b.1.3.2
- version/asterisk asterisk/1.2.10
- version/asterisk asterisk/1.2.9
- version/asterisk asterisk/1.0.7
- version/asterisk asterisk/1.2.13
- version/asterisk asterisk/1.2.0_beta2
- version/asterisk asterisk/1.0
- version/asterisk asterisk/1.4.1
- version/asterisk asterisk/1.4.4_2007-04-27
- version/asterisk asterisk/1.0.10
- version/asterisk asterisk/a
- canonical/asterisk s800i appliance
- version/asterisk s800i appliance/1.0
- version/asterisk s800i appliance/1.0.1