Asterisk IAX2 Text Frame Information Disclosure Vulnerability
BID:23824
Info
Asterisk IAX2 Text Frame Information Disclosure Vulnerability
| Bugtraq ID: | 23824 |
| Class: | Design Error |
| CVE: |
CVE-2007-2488 |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2007 12:00AM |
| Updated: | Aug 28 2007 11:02PM |
| Credit: | Tim Panton is credited with the discovery of this vulnerability |
| Vulnerable: |
SuSE Linux 10.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Asterisk AsteriskNow Beta 5 Asterisk Asterisk 1.4.3 Asterisk Asterisk 1.4.2 Asterisk Asterisk 1.4.1 Asterisk Asterisk 1.2.18 Asterisk Asterisk 1.2.17 Asterisk Asterisk 1.2.16 Asterisk Asterisk 1.2.15 Asterisk Asterisk 1.2.14 Asterisk Asterisk 1.2.13 Asterisk Asterisk 1.2.11 Asterisk Asterisk 1.2.11 Asterisk Asterisk 1.2.10 Asterisk Asterisk 1.2.9 Asterisk Asterisk 1.2.8 Asterisk Asterisk 1.2.7 Asterisk Asterisk 1.2.6 Asterisk Asterisk 1.2.5 Asterisk Asterisk 1.2 .0-beta2 Asterisk Asterisk 1.2 .0-beta1 Asterisk Asterisk 1.0.12 Asterisk Asterisk 1.0.11 Asterisk Asterisk 1.0.10 Asterisk Asterisk 1.0.9 Asterisk Asterisk 1.0.8 Asterisk Asterisk 1.0.7 Asterisk Asterisk 1.0.6 Asterisk Asterisk 1.0 Asterisk Asterisk 0.9 .0 Asterisk Asterisk 0.7.2 Asterisk Asterisk 0.7.1 Asterisk Asterisk 0.7 .0 Asterisk Asterisk 0.4 Asterisk Asterisk 0.3 Asterisk Asterisk 0.2 Asterisk Asterisk 0.1.11 Asterisk Asterisk 0.1.9 -1 Asterisk Asterisk 0.1.9 Asterisk Asterisk 0.1.8 Asterisk Asterisk 0.1.7 Asterisk Asterisk 1.4 Beta |
| Not Vulnerable: |
Asterisk AsteriskNow Beta 6 Asterisk Asterisk 1.4.4 Asterisk Asterisk 1.2.19 Asterisk Asterisk 0.4.1 Asterisk Asterisk B.2.1 |
Discussion
Asterisk IAX2 Text Frame Information Disclosure Vulnerability
Asterisk is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue may also result in a segmentation fault.
Asterisk is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to access sensitive information that may lead to further attacks. This issue may also result in a segmentation fault.
Exploit / POC
Asterisk IAX2 Text Frame Information Disclosure Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Asterisk IAX2 Text Frame Information Disclosure Vulnerability
Solution:
The vendor released updates to address this issue. Please see the references for more information.
Solution:
The vendor released updates to address this issue. Please see the references for more information.
References
Asterisk IAX2 Text Frame Information Disclosure Vulnerability
References:
References: