what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

Files from Kevin Harwell

Email addresskharwell at digium.com
First Active2014-06-13
Last Active2021-02-19
Asterisk Project Security Advisory - AST-2021-002
Posted Feb 19, 2021
Authored by Kevin Harwell, Gregory Massel | Site asterisk.org

When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.

tags | advisory, remote
advisories | CVE-2021-26717
MD5 | 393c91771be975cf6c93cae48baaac28
Asterisk Project Security Advisory - AST-2020-004
Posted Dec 23, 2020
Authored by Kevin Harwell, Mikhail Ivanov | Site asterisk.org

Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.

tags | advisory
MD5 | 0b17669792f94478ab39dea3f00ba745
Asterisk Project Security Advisory - AST-2020-003
Posted Dec 23, 2020
Authored by Kevin Harwell, Torrey Searle | Site asterisk.org

Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. Note, the remote client must be authenticated, or Asterisk must be configured for anonymous calling in order for this problem to manifest.

tags | advisory, remote
MD5 | 867a17b7983791085f3cbf5b7f504239
Asterisk Project Security Advisory - AST-2020-001
Posted Nov 6, 2020
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

tags | advisory
MD5 | 517d938072991f01f5558229c6259077
Asterisk Project Security Advisory - AST-2018-003
Posted Feb 23, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
MD5 | 73cf5406ac133164b0fdab2716de6feb
Asterisk Project Security Advisory - AST-2018-002
Posted Feb 21, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
MD5 | 6b23e91da16ff09e58f7e2691ced6883
Asterisk Project Security Advisory - AST-2017-014
Posted Dec 23, 2017
Authored by Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point.

tags | advisory
MD5 | bbce50ebf2f3a0684b4f2df1c6254db1
Asterisk Project Security Advisory - AST-2017-011
Posted Nov 8, 2017
Authored by Kevin Harwell, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

tags | advisory, memory leak
MD5 | 31ccd7ef2019e7e8198027889428d92f
Asterisk Project Security Advisory - AST-2017-001
Posted Apr 6, 2017
Authored by Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.

tags | advisory, remote
MD5 | 846effee380705e0cfaa9ddc9c3ff479
Asterisk Project Security Advisory - AST-2014-018
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation.

tags | advisory, protocol
MD5 | 5f3ebc9cf9f2fb17c6c2dc4f44aba39e
Asterisk Project Security Advisory - AST-2014-017
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action "ConfbridgeStartRecord" could also be used to execute arbitrary system commands without first checking for system access.

tags | advisory, arbitrary, protocol
MD5 | 6d75a797b464251b1e32034bc2191a06
Asterisk Project Security Advisory - AST-2014-005
Posted Jun 13, 2014
Authored by John Bigelow, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion raised.

tags | advisory
advisories | CVE-2014-4045
MD5 | 7918265ad799a0a1292fa023cd1e3c3b
Page 1 of 1
Back1Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close