Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2006-2898

Опубликовано: 07 июн. 2006
Источник: ubuntu
Приоритет: medium
CVSS2: 7.5

Описание

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

РелизСтатусПримечание
dapper

released

1.2.7.1.dfsg-2ubuntu3.4
devel

released

1.4.11~dfsg-1
edgy

released

1.2.12.1.dfsg-1ubuntu1.4
feisty

released

1.2.16~dfsg-1ubuntu3.1
gutsy

released

1.4.11~dfsg-1
hardy

released

1.4.11~dfsg-1
intrepid

released

1.4.11~dfsg-1
jaunty

released

1.4.11~dfsg-1
karmic

released

1.4.11~dfsg-1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

ignored

end of life
devel

DNE

edgy

released

1.2.8.dfsg-1
feisty

released

1.2.8.dfsg-1
gutsy

released

1.2.8.dfsg-1
hardy

released

1.2.8.dfsg-1
intrepid

released

1.2.8.dfsg-1
jaunty

released

1.2.8.dfsg-1
karmic

released

1.2.8.dfsg-1
upstream

needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS2

Связанные уязвимости

nvd логотип

CVE-2006-2898

nvd
около 19 лет назад

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

debian логотип

CVE-2006-2898

debian
около 19 лет назад

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 an ...

github логотип

GHSA-4f9c-vvfw-m8rr

github
больше 3 лет назад

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

7.5 High

CVSS2