CVE-2007-2293
Asterisk - Stack-Based Buffer Overflow in SIP Channel T.38 SDP Parser
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2007-2293. PoCs published by Barrie Dempster.
AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in Asterisk's SIP implementation when 't38 fax over SIP' is enabled. The malicious SIP INVITE packet contains an overly long 'T38FaxUdpEC' attribute to trigger the vulnerability, potentially allowing remote code execution or denial-of-service.
Description
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
Exploits (2)
This exploit leverages a stack-based buffer overflow in Asterisk's SIP implementation when 't38 fax over SIP' is enabled. The malicious SIP INVITE packet contains an overly long 'T38FaxUdpEC' attribute to trigger the vulnerability, potentially allowing remote code execution or denial-of-service.
This exploit targets a stack-based buffer overflow in Asterisk's SIP implementation when T.38 fax is enabled. The PoC sends a malformed SIP INVITE with an overly long T38FaxRateManagement field to trigger the vulnerability.