CVE-2007-2293
published 2007-04-26CVE-2007-2293: Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote…
PriorityP354high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
23.88%
97.5th percentile
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asterisk | asterisk | — | — |
| asterisk | asterisk | — | — |
| asterisk | asterisk | — | — |
| asterisk | asterisk | >= 0 < 1:1.4.3~dfsg-1 | 1:1.4.3~dfsg-1 |
| debian | asterisk | < asterisk 1:1.4.3~dfsg-1 (bullseye) | asterisk 1:1.4.3~dfsg-1 (bullseye) |
CVSS provenance
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH
vendor_debian7.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hrm2-xm5m-6mfh: Multiple stack-based buffer overflows in the process_sdp function in chan_sip
ghsa_unreviewed·2022-05-01
CVE-2007-2293 [HIGH] GHSA-hrm2-xm5m-6mfh: Multiple stack-based buffer overflows in the process_sdp function in chan_sip
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
OSV
CVE-2007-2293: Multiple stack-based buffer overflows in the process_sdp function in chan_sip
osv·2007-04-26·CVSS 7.6
CVE-2007-2293 [HIGH] CVE-2007-2293: Multiple stack-based buffer overflows in the process_sdp function in chan_sip
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
Debian
CVE-2007-2293: asterisk - Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c ...
vendor_debian·2007·CVSS 7.6
CVE-2007-2293 [HIGH] CVE-2007-2293: asterisk - Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c ...
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
Scope: local
bullseye: resolved (fixed in 1:1.4.3~dfsg-1)
sid: resolved (fixed in 1:1.4.3~dfsg-1)
No detection rules found.
Exploit-DB
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)
exploitdb·2007-03-21
CVE-2007-2293 Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (2)
---
source: https://www.securityfocus.com/bid/23648/info
Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.
Versions prior to Asterisk Open Source 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit 0.4.0 are vulnerable.
NOTE: These issues occur only when 't38 fax over SIP' is enabled in 'sip.conf'.
INVITE sip:[email protected] SIP/2.0
Date: Wed, 21 Mar 2007 4:20:09 GMT
CSeq: 1 INVITE
Via: SIP/2
Exploit-DB
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
exploitdb·2007-03-21
CVE-2007-2293 Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow (PoC) (1)
---
source: https://www.securityfocus.com/bid/23648/info
Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.
Versions prior to Asterisk Open Source 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit 0.4.0 are vulnerable.
NOTE: These issues occur only when 't38 fax over SIP' is enabled in 'sip.conf'.
INVITE sip:[email protected] SIP/2.0
Date: Wed, 21 Mar 2007 4:20:09 GMT
CSeq: 1 INVITE
Via: SIP/2
No writeups or analysis indexed.
http://secunia.com/advisories/24977http://securityreason.com/securityalert/2645http://www.asterisk.org/files/ASA-2007-010.pdfhttp://www.osvdb.org/35368http://www.securityfocus.com/archive/1/466883/100/0/threadedhttp://www.securityfocus.com/archive/1/472804/100/0/threadedhttp://www.securityfocus.com/bid/23648http://www.securitytracker.com/id?1017951http://www.securitytracker.com/id?1018337http://www.vupen.com/english/advisories/2007/1534https://exchange.xforce.ibmcloud.com/vulnerabilities/33895http://secunia.com/advisories/24977http://securityreason.com/securityalert/2645http://www.asterisk.org/files/ASA-2007-010.pdfhttp://www.osvdb.org/35368http://www.securityfocus.com/archive/1/466883/100/0/threadedhttp://www.securityfocus.com/archive/1/472804/100/0/threadedhttp://www.securityfocus.com/bid/23648http://www.securitytracker.com/id?1017951http://www.securitytracker.com/id?1018337http://www.vupen.com/english/advisories/2007/1534https://exchange.xforce.ibmcloud.com/vulnerabilities/33895
2007-04-26
Published