Lucene search

Ubuntu.comUB:CVE-2007-4103

HistoryJul 31, 2007 - 12:00 a.m.

CVE-2007-4103

2007-07-3100:00:00

ubuntu.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.241

Percentile

96.7%

JSON

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23,
1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when
configured to allow unauthenticated calls, allows remote attackers to cause
a denial of service (resource exhaustion) via a flood of calls that do not
complete a 3-way handshake, which causes an ast_channel to be allocated but
not released.

Notes

Author	Note
fujitsu	Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 are affected.

References

launchpad.net/bugs/cve/CVE-2007-4103

nvd.nist.gov/vuln/detail/CVE-2007-4103

security-tracker.debian.org/tracker/CVE-2007-4103

www.cve.org/CVERecord?id=CVE-2007-4103

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.241

Percentile

96.7%

JSON

Related for UB:CVE-2007-4103