Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:24307
Version: 2
Class: patch
ALTXid: 157784
Language: English
Severity: NotAvailable
Title: SUSE-SA:2007:034 -- SUSE Security Announcement: asterisk
Description: The Open Source PBX software Asterisk was updated to fix several security related bugs that allowed attackers to remotely crash asterisk or cause information leaks.
Family: unix
Platform: openSUSE 10.2
Product: asterisk
Reference
VENDOR: SUSE-SA:2007:034
Id: SUSE-SA:2007:034
Reference: http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00000.html
CVE: CVE-2007-1306
Id: CVE-2007-1306
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1306
Comment: Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
CVSSv2 Score: 7.8
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE: CWE-Other ()
References:
http://asterisk.org/node/48319 (CONFIRM)
http://asterisk.org/node/48320 (CONFIRM)
http://labs.musecurity.com/advisories/MU-200703-01.txt (MISC)
24380 (SECUNIA)
24578 (SECUNIA)
25582 (SECUNIA)
GLSA-200703-14 (GENTOO)
DSA-1358 (DEBIAN)
VU#228032 (CERT-VN)
SUSE-SA:2007:034 (SUSE)
33888 (OSVDB)
22838 (BID)
1017723 (SECTRACK)
ADV-2007-0830 (VUPEN)
asterisk-sip-channeldriver-dos(32830) (XF)
CVE: CVE-2007-1561
Id: CVE-2007-1561
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561
Comment: The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
CVSSv2 Score: 7.8
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE: CWE-Other ()
References:
http://asterisk.org/node/48339 (CONFIRM)
20070319 Asterisk SDP DOS vulnerability (FULLDISC)
24564 (SECUNIA)
24719 (SECUNIA)
25582 (SECUNIA)
GLSA-200704-01 (GENTOO)
[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability (MLIST)
DSA-1358 (DEBIAN)
SUSE-SA:2007:034 (SUSE)
34479 (OSVDB)
20070321 Two new DoS Vulnerabilities in Asterisk Fixed (BUGTRAQ)
23031 (BID)
1017794 (SECTRACK)
http://www.sineapps.com/news.php?rssid=1707 (CONFIRM)
ADV-2007-1039 (VUPEN)
asterisk-sip-invite-dos(33068) (XF)
CVE: CVE-2007-1594
Id: CVE-2007-1594
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1594
Comment: The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
CVSSv2 Score: 7.8
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE: CWE-Other ()
References:
http://bugs.digium.com/view.php?id=9313 (MISC)
24579 (SECUNIA)
24719 (SECUNIA)
25582 (SECUNIA)
GLSA-200704-01 (GENTOO)
http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 (MISC)
[VOIPSEC] 20070319 Asterisk SDP DOS vulnerability (MLIST)
http://www.asterisk.org/node/48338 (CONFIRM)
SUSE-SA:2007:034 (SUSE)
20070321 Two new DoS Vulnerabilities in Asterisk Fixed (BUGTRAQ)
23093 (BID)
1017809 (SECTRACK)
http://www.sineapps.com/news.php?rssid=1707 (CONFIRM)
ADV-2007-1077 (VUPEN)
CVE: CVE-2007-1595
Id: CVE-2007-1595
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1595
Comment: The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
CVSSv2 Score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE: CWE-Other ()
References:
http://bugs.digium.com/view.php?id=9316 (MISC)
24694 (SECUNIA)
25582 (SECUNIA)
http://svn.digium.com/view/asterisk?rev=59073&view=rev (CONFIRM)
SUSE-SA:2007:034 (SUSE)
23155 (BID)
ADV-2007-1123 (VUPEN)
CVE: CVE-2007-2294
Id: CVE-2007-2294
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2294
Comment: The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
CVSSv2 Score: 7.8
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE: CWE-Other ()
References:
24977 (SECUNIA)
25582 (SECUNIA)
2646 (SREASON)
http://www.asterisk.org/files/ASA-2007-012.pdf (CONFIRM)
DSA-1358 (DEBIAN)
SUSE-SA:2007:034 (SUSE)
35369 (OSVDB)
20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface (BUGTRAQ)
23649 (BID)
1017955 (SECTRACK)
ADV-2007-1534 (VUPEN)
asterisk-interface-dos(33886) (XF)
CVE: CVE-2007-2297
Id: CVE-2007-2297
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2297
Comment: The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
CVSSv2 Score: 7.8
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE: CWE-Other ()
References:
http://bugs.digium.com/view.php?id=9313 (MISC)
25582 (SECUNIA)
2644 (SREASON)
http://www.asterisk.org/files/ASA-2007-011.pdf (CONFIRM)
DSA-1358 (DEBIAN)
SUSE-SA:2007:034 (SUSE)
20070425 ASA-2007-011: Multiple problems in SIP channel parser handling response codes (BUGTRAQ)
24359 (BID)
1017954 (SECTRACK)
asterisk-sip-response-dos(33892) (XF)
CVE: CVE-2007-2488
Id: CVE-2007-2488
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2488
Comment: The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
CVSSv2 Score: 10
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE: CWE-Other ()
References:
http://ftp.digium.com/pub/asa/ASA-2007-013.pdf (CONFIRM)
35769 (OSVDB)
25134 (SECUNIA)
25582 (SECUNIA)
DSA-1358 (DEBIAN)
SUSE-SA:2007:034 (SUSE)
23824 (BID)
ADV-2007-1661 (VUPEN)
asterisk-iax2-information-disclosure(34085) (XF)