Executive Summary

Informations
NameCVE-2007-4103First vendor Publication2007-07-31
VendorCveLast vendor Modification2018-10-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score7.8Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-2Inducing Account Lockout
CAPEC-82Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147XML Ping of Death
CAPEC-228Resource Depletion through DTD Injection in a SOAP Message

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Application8
Application1
Application1

OpenVAS Exploits

DateDescription
2008-09-24Name : Gentoo Security Advisory GLSA 200802-11 (asterisk)
File : nvt/glsa_200802_11.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
38197Asterisk IAX2 Channel Driver (chan_iax2) Incomplete Connection Saturation Rem...

Nessus® Vulnerability Scanner

DateDescription
2008-02-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-11.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/24950
BUGTRAQ http://www.securityfocus.com/archive/1/475069/100/0/threaded
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=185713
http://ftp.digium.com/pub/asa/ASA-2007-018.pdf
GENTOO http://security.gentoo.org/glsa/glsa-200802-11.xml
SECTRACK http://www.securitytracker.com/id?1018472
SREASON http://securityreason.com/securityalert/2960
VUPEN http://www.vupen.com/english/advisories/2007/2701

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
DateInformations
2018-10-16 00:19:11
  • Multiple Updates
2016-06-28 16:47:42
  • Multiple Updates
2016-04-26 16:26:19
  • Multiple Updates
2014-02-17 10:41:10
  • Multiple Updates
2013-05-11 10:33:09
  • Multiple Updates