|
|
CVE Reference: CVE-2007-4103 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4103 |
|
|
Description: The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. |
|
|
CVE Status: Candidate |
|
|
References: ST 1018472 SREASON http://securityreason.com/securityalert/2960 SAID Secunia Advisory: SA26274 Secunia Advisory: SA29051 OSVDB 38197 GENTOO http://security.gentoo.org/glsa/glsa-200802-11.xml CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-018.pdf BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/475069/100/0/threaded BID 24950 |
|
| Return to the previous page. |
