Vulnerability Name:
CVE-2007-1594 (CCN-33168)
Assigned:
2007-03-18
Published:
2007-03-18
Updated:
2018-10-16
Summary:
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
CVSS v3 Severity:
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High
CVSS v2 Severity:
7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Complete
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Wed Mar 21 2007 - 16:30:15 CDT
Two new DoS Vulnerabilities in Asterisk Fixed
Source: CCN
Type: Asterisk Web site
Asterisk - Downloads
Source: CCN
Type: Digium Issue Tracker ID 0009313
Asterisk segfaults upon receipt of a certain SIP packet (SIP Response code 0)
Source: MISC
Type: Vendor Advisory
http://bugs.digium.com/view.php?id=9313
Source: MITRE
Type: CNA
CVE-2007-1594
Source: CCN
Type: SA24579
Asterisk SIP Response Code Denial of Service
Source: SECUNIA
Type: Patch, Vendor Advisory
24579
Source: SECUNIA
Type: UNKNOWN
24719
Source: SECUNIA
Type: UNKNOWN
25582
Source: GENTOO
Type: UNKNOWN
GLSA-200704-01
Source: CCN
Type: SECTRACK ID: 1017809
Asterisk Can Be Crashed By Remote Users With an Unexpected SIP Response Code
Source: MISC
Type: UNKNOWN
http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038
Source: MLIST
Type: Vendor Advisory
[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability
Source: CONFIRM
Type: UNKNOWN
http://www.asterisk.org/node/48338
Source: CCN
Type: GLSA-200704-01
Asterisk: Two SIP Denial of Service vulnerabilities
Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:034
Source: CCN
Type: OSVDB ID: 34478
Asterisk Crafted SIP Response Code handle_response Function DoS
Source: BUGTRAQ
Type: UNKNOWN
20070321 Two new DoS Vulnerabilities in Asterisk Fixed
Source: BID
Type: UNKNOWN
23093
Source: CCN
Type: BID-23093
Asterisk SIP Channel Driver Response Code Zero Remote Denial of Service Vulnerability
Source: SECTRACK
Type: UNKNOWN
1017809
Source: CONFIRM
Type: Vendor Advisory
http://www.sineapps.com/news.php?rssid=1707
Source: VUPEN
Type: UNKNOWN
ADV-2007-1077
Source: XF
Type: UNKNOWN
asterisk-sipchannel-dos(33168)
Source: SUSE
Type: SUSE-SA:2007:034
Asterisk security update
Vulnerable Configuration:
Configuration 1:
cpe:/a:asterisk:asterisk:0.1.7:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.1.8:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.1.9:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.1.9_1:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.1.11:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.2:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.3:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.4:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.7.0:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.7.1:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.7.2:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:0.9.0:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*
OR
cpe:/a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*
Oval Definitions:
Definition ID:
oval:org.opensuse.security:def:20071594
Class:
V
Title:
CVE-2007-1594
Last Modified:
2015-11-16