Vulnerability Description
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asterisk | Asterisk | <= 1.4.9 |
| Asterisk | Asterisk Appliance Developer Kit | <= 0.6.0 |
| Asterisk | Asterisknow | <= beta_6 |
| Asterisk | S800I | <= 1.0.2 |
References
- http://downloads.digium.com/pub/asa/ASA-2007-019.pdfPatch
- http://secunia.com/advisories/26340PatchVendor Advisory
- http://www.securityfocus.com/bid/25228Patch
- http://www.securitytracker.com/id?1018536
- http://www.vupen.com/english/advisories/2007/2808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35870
- http://downloads.digium.com/pub/asa/ASA-2007-019.pdfPatch
- http://secunia.com/advisories/26340PatchVendor Advisory
- http://www.securityfocus.com/bid/25228Patch
- http://www.securitytracker.com/id?1018536
- http://www.vupen.com/english/advisories/2007/2808
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35870
FAQ
What is CVE-2007-4280?
CVE-2007-4280 is a vulnerability with a CVSS score of 3.5 (LOW). The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authentica...
How severe is CVE-2007-4280?
CVE-2007-4280 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4280?
Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Asterisk, Asterisk Asterisk Appliance Developer Kit, Asterisk Asterisknow, Asterisk S800I.