Vulnerability CVE-2007-3762

Vulnerability Name:

CVE-2007-3762 (CCN-35466)

Assigned:

2007-07-17

Published:

2007-07-17

Updated:

2017-07-29

Summary:

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jul 17 2007 - 17:55:51 CDT
ASA-2007-014: Stack buffer overflow in IAX2 channel driver

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=185713

Source: MITRE
Type: CNA
CVE-2007-3762

Source: CCN
Type: ASA-2007-014
Stack buffer overflow in IAX2 channel driver

Source: CONFIRM
Type: Patch
http://ftp.digium.com/pub/asa/ASA-2007-014.pdf

Source: CCN
Type: SA26099
Asterisk Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26099

Source: SECUNIA
Type: UNKNOWN
29051

Source: GENTOO
Type: UNKNOWN
GLSA-200802-11

Source: CCN
Type: SECTRACK ID: 1018407
Asterisk STUN, Skinny Channel Driver, and IAX2 Channel Driver Bugs Let Remote Users Deny Service or Execute Arbitrary Code

Source: DEBIAN
Type: UNKNOWN
DSA-1358

Source: DEBIAN
Type: DSA-1358
asterisk -- several vulnerabilities

Source: CCN
Type: GLSA-200802-11
Asterisk: Multiple vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:015

Source: CCN
Type: OSVDB ID: 38196
Asterisk IAX2 Channel Driver (chan_iax2) RTP Frame Handling Remote Overflow

Source: BID
Type: UNKNOWN
24949

Source: CCN
Type: BID-24949
Asterisk IAX2 Channel Driver IAX2_Write Function Remote Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018407

Source: VUPEN
Type: UNKNOWN
ADV-2007-2563

Source: XF
Type: UNKNOWN
asterisk-iax2channeldriver-bo(35466)

Source: XF
Type: UNKNOWN
asterisk-iax2channeldriver-bo(35466)

Source: SUSE
Type: SUSE-SR:2007:015
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:asterisk:asterisk:1.0:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.9:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.10:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.11:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.0.12:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.0_beta1:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.0_beta2:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.8:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.9:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.12:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.13:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.14:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.15:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.2.17:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.4.4_2007-04-27:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:1.4_beta:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:a:*:business:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:b.1.3.2:*:business:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:b.1.3.3:*:business:*:*:*:*:*

OR cpe:/a:asterisk:asterisk:b.2.2.0:*:business:*:*:*:*:*

OR cpe:/a:asterisk:asterisk_appliance_developer_kit:*:*:*:*:*:*:*:* (Version <= 0.4)

OR cpe:/a:asterisk:asterisknow:beta_5:*:*:*:*:*:*:*

OR cpe:/a:asterisk:asterisknow:beta_6:*:*:*:*:*:*:*

Configuration 2:

cpe:/h:asterisk:s800i_appliance:1.0:*:*:*:*:*:*:*

OR cpe:/h:asterisk:s800i_appliance:1.0.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:digium:asterisknow_pre-release:beta6:*:*:*:*:*:*:*

AND

cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*

OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20073762	V	CVE-2007-3762	2015-11-16
oval:org.mitre.oval:def:18250	P	DSA-1358-1 asterisk	2014-06-23
oval:org.debian:def:1358	V	several vulnerabilities	2007-08-26

BACK