Back to search
CVE-2007-2294
Published: Apr 26, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-1534
vdb-entry
x_refsource_VUPEN
1017955
vdb-entry
x_refsource_SECTRACK
SUSE-SA:2007:034
vendor-advisory
x_refsource_SUSE
35369
vdb-entry
x_refsource_OSVDB
2646
third-party-advisory
x_refsource_SREASON
25582
third-party-advisory
x_refsource_SECUNIA
asterisk-interface-dos(33886)
vdb-entry
x_refsource_XF
24977
third-party-advisory
x_refsource_SECUNIA
23649
vdb-entry
x_refsource_BID
DSA-1358
vendor-advisory
x_refsource_DEBIAN
20070425 ASA-2007-012: Remote Crash Vulnerability in Manager Interface
mailing-list
x_refsource_BUGTRAQ
http://www.asterisk.org/files/ASA-2007-012.pdf
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now