Vulnerability CVE-2006-5445 - CERT Civis.Net

Vulnerability Name:

CVE-2006-5445 (CCN-29664)

Assigned:

2006-10-18

Published:

2006-10-18

Updated:

2018-10-17

Summary:

Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
This vulnerability is addressed in the following product releases:
Digium, Asterisk, 1.4.0-beta2
Digium, Asterisk, 1.2.13

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2006-5445

Source: CONFIRM
Type: Patch
http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13

Source: SECUNIA
Type: UNKNOWN
22651

Source: SECUNIA
Type: UNKNOWN
22979

Source: CCN
Type: Asterisk Web site
Asterisk | The Open Source PBX

Source: CONFIRM
Type: Patch
http://www.asterisk.org/node/109

Source: CONFIRM
Type: Patch
http://www.asterisk.org/node/110

Source: CCN
Type: GLSA-200610-15
Asterisk: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200610-15

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:069

Source: OSVDB
Type: UNKNOWN
29973

Source: CCN
Type: OSVDB ID: 29973
Asterisk SIP Channel Driver (chan_sip) Unspecified Remote DoS

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2006.024

Source: BID
Type: UNKNOWN
20835

Source: CCN
Type: BID-20835
Asterisk Chan_Sip.c Unspecified Remote Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-4098

Source: XF
Type: UNKNOWN
asterisk-channeldriver-dos(29664)

Source: XF
Type: UNKNOWN
asterisk-channeldriver-dos(29664)

Source: SUSE
Type: SUSE-SA:2006:069
asterisk remote denial of service problem

Vulnerable Configuration:

Configuration 1:

cpe:/a:digium:asterisk:1.2.0_beta1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.12:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0_beta1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0_beta2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:4.1.0:-:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20065445	V	CVE-2006-5445	2015-11-16