CVE-2007-4103

Publication date 31 July 2007

Last updated 17 July 2025

Ubuntu priority

Cvss 3 Severity Score

Description

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
asterisk	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

Notes

fujitsu

Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 are affected.

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4103