CVE-2007-1693

Sažetak

The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.

Reference

http://securityreason.com/securityalert/2716
http://voip.null.ro/cgi-bin/cvsweb.cgi/yate/modules/ysipchan.cpp
http://www.securityfocus.com/archive/1/467289/100/200/threaded
http://www.securityfocus.com/bid/23746

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

29-11-2018 - 15:46

Objavljeno

17-05-2007 - 20:30