Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4521

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4521
Last Modified 07 Mar 2011 09:58:42
Published 27 Aug 2007 09:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4521

Summary

Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.

Vulnerable Systems

Application

  • Asterisk 1.4.10

  • Asterisk 1.4.11

  • Asterisk 1.4.5

  • Asterisk 1.4.6

  • Asterisk 1.4.7

  • Asterisk 1.4.8

  • Asterisk 1.4.9


References

VUPEN - ADV-2007-2978

SECTRACK - 1018606

BID - 25438

BUGTRAQ - 20070824 AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

SECUNIA - 26602

SECUNIA - 26601

CONFIRM - http://downloads.digium.com/pub/asa/AST-2007-021.html

XF - asterisk-mime-body-dos(36261)

SREASON - 3065


Last Updated: 27 May 2016 10:45:53