Launchpad.net

CVE 2007-1561

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.

Related bugs and status

CVE-2007-1561 (Candidate) is related to these bugs:

Bug #94792: Asterisk 1.2.17 fixes SIP DoS vulnerability

		In	Importance	Status
94792	Asterisk 1.2.17 fixes SIP DoS vulnerability	asterisk (Ubuntu)	High	Fix Released
94792	Asterisk 1.2.17 fixes SIP DoS vulnerability	asterisk (Ubuntu Breezy)	Wishlist	Invalid
94792	Asterisk 1.2.17 fixes SIP DoS vulnerability	asterisk (Ubuntu Dapper)	High	Fix Released
94792	Asterisk 1.2.17 fixes SIP DoS vulnerability	asterisk (Ubuntu Edgy)	High	Fix Released
94792	Asterisk 1.2.17 fixes SIP DoS vulnerability	asterisk (Ubuntu Feisty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 23031
SECTRACK: 1017794
MLIST: [VOIPSEC] 20070319 Ast...
CONFIRM: http://asterisk.org/no...
CONFIRM: http://www.sineapps.co...
GENTOO: GLSA-200704-01
SECUNIA: 24719
OSVDB: 34479
SUSE: SUSE-SA:2007:034
SECUNIA: 25582
SECUNIA: 24564
DEBIAN: DSA-1358
VUPEN: ADV-2007-1039
FULLDISC: 20070319 Asterisk SDP ...
XF: asterisk-sip-invite-do...
BUGTRAQ: 20070321 Two new DoS V...