CVE-2007-2488

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2488
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://ftp.digium.com/pub/asa/ASA-2007-013.pdf
http://osvdb.org/35769
http://secunia.com/advisories/25134
http://secunia.com/advisories/25582
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://www.securityfocus.com/bid/23824
http://www.vupen.com/english/advisories/2007/1661
https://exchange.xforce.ibmcloud.com/vulnerabilities/34085
http://ftp.digium.com/pub/asa/ASA-2007-013.pdf
http://osvdb.org/35769
http://secunia.com/advisories/25134
http://secunia.com/advisories/25582
http://www.debian.org/security/2007/dsa-1358
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://www.securityfocus.com/bid/23824
http://www.vupen.com/english/advisories/2007/1661
https://exchange.xforce.ibmcloud.com/vulnerabilities/34085
Configurations

Configuration 1 (hide)

cpe:2.3:a:asterisk:asterisk:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://ftp.digium.com/pub/asa/ASA-2007-013.pdf - () http://ftp.digium.com/pub/asa/ASA-2007-013.pdf -
References () http://osvdb.org/35769 - () http://osvdb.org/35769 -
References () http://secunia.com/advisories/25134 - () http://secunia.com/advisories/25134 -
References () http://secunia.com/advisories/25582 - () http://secunia.com/advisories/25582 -
References () http://www.debian.org/security/2007/dsa-1358 - () http://www.debian.org/security/2007/dsa-1358 -
References () http://www.novell.com/linux/security/advisories/2007_34_asterisk.html - () http://www.novell.com/linux/security/advisories/2007_34_asterisk.html -
References () http://www.securityfocus.com/bid/23824 - () http://www.securityfocus.com/bid/23824 -
References () http://www.vupen.com/english/advisories/2007/1661 - () http://www.vupen.com/english/advisories/2007/1661 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34085 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34085 -
Information

Published : 2007-05-07 19:19

Updated : 2024-11-21 00:30

NVD link : CVE-2007-2488

Mitre link : CVE-2007-2488

CVE.ORG link : CVE-2007-2488

JSON object : View

Products Affected

asterisk

  • asterisk
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024