exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Kevin Harwell

Email addresskharwell at digium.com
First Active2014-06-13
Last Active2022-03-07
Asterisk Project Security Advisory - AST-2022-006
Posted Mar 7, 2022
Authored by Kevin Harwell, Sauw Ming | Site asterisk.org

If an incoming SIP message contains a malformed multi-part body an out-of-bounds read access may occur, which can result in undefined behavior. Note, it is currently uncertain if there is any externally exploitable vector within Asterisk for this issue, but they are providing this as a security issue out of caution.

tags | advisory
advisories | CVE-2022-21723
SHA-256 | 97b8999a7c776bc25667d248af8128d9089bb735a74f21b5e8602a90fb5d57dc
Asterisk Project Security Advisory - AST-2022-005
Posted Mar 7, 2022
Authored by Kevin Harwell, Sauw Ming | Site asterisk.org

When acting as a UAC, and when placing an outgoing call to a target that then forks, Asterisk may experience undefined behavior after a dialog set is prematurely freed.

tags | advisory
advisories | CVE-2022-23608
SHA-256 | caf0098653c4aa078aff32dd6a697ddb405273dec27531e5365356d26193b7fe
Asterisk Project Security Advisory - AST-2022-004
Posted Mar 7, 2022
Authored by Kevin Harwell, Sauw Ming | Site asterisk.org

The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party.

tags | advisory, remote
advisories | CVE-2021-37706
SHA-256 | b4d958ee6e32f6f622c4ae3b0cd99a1c00dcde4578e8d8eca299633634cfec4c
Asterisk Project Security Advisory - AST-2021-009
Posted Jul 22, 2021
Authored by Kevin Harwell, Andrew Yager | Site asterisk.org

Depending on the timing, it is possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake.

tags | advisory
advisories | CVE-2021-32686
SHA-256 | f908e37fa6bf92ff245d1f52190b304b3ef6738cc22397a7a0ad4665b63b3f39
Asterisk Project Security Advisory - AST-2021-008
Posted Jul 22, 2021
Authored by Kevin Harwell, Michael Welk | Site asterisk.org

If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk.

tags | advisory
advisories | CVE-2021-32558
SHA-256 | 4b4013dde28ebd85bf26ab9c3fd8cf604c2de2c7aacef317b575436966ddf0a0
Asterisk Project Security Advisory - AST-2021-002
Posted Feb 19, 2021
Authored by Kevin Harwell, Gregory Massel | Site asterisk.org

When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.

tags | advisory, remote
advisories | CVE-2021-26717
SHA-256 | 2a9795115e2a46d96ffa9cb29f66fab90c91d64bdafcfd927d79e02c48f5c8b5
Asterisk Project Security Advisory - AST-2020-004
Posted Dec 23, 2020
Authored by Kevin Harwell, Mikhail Ivanov | Site asterisk.org

Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.

tags | advisory
SHA-256 | a26dc337f57530d82d427354073f347e972800a041eeb38f8141eeefd479f86b
Asterisk Project Security Advisory - AST-2020-003
Posted Dec 23, 2020
Authored by Kevin Harwell, Torrey Searle | Site asterisk.org

Asterisk Project Security Advisory - A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. Note, the remote client must be authenticated, or Asterisk must be configured for anonymous calling in order for this problem to manifest.

tags | advisory, remote
SHA-256 | 48af91212546e76d006116dba7b12815d843a845495623b78255f9379d3b2484
Asterisk Project Security Advisory - AST-2020-001
Posted Nov 6, 2020
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

tags | advisory
SHA-256 | 0ffdabc3873921af089a27d73efac1246b61b827d0d4706a0053ec41b4494fd6
Asterisk Project Security Advisory - AST-2018-003
Posted Feb 23, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
SHA-256 | 9b8ed54f40c2eeeb8b0438fcc1f181112a56783842de914688edfeee94da5652
Asterisk Project Security Advisory - AST-2018-002
Posted Feb 21, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
SHA-256 | 891c0434dd5c6146ed9c01205891569b4cbbd6cb0ddddb9c96165c020a8fe6ab
Asterisk Project Security Advisory - AST-2017-014
Posted Dec 23, 2017
Authored by Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point.

tags | advisory
SHA-256 | ed053308e894898a480e92d5016c992527cc685883fe08d5de10e9577ba6d611
Asterisk Project Security Advisory - AST-2017-011
Posted Nov 8, 2017
Authored by Kevin Harwell, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed.

tags | advisory, memory leak
SHA-256 | ef9c2364c68055df7468805ee829f6e50bad41d1db4ebba8c6ed3c73a1f0c1ac
Asterisk Project Security Advisory - AST-2017-001
Posted Apr 6, 2017
Authored by Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.

tags | advisory, remote
SHA-256 | 4f394dc143a808e8b1929549291dac026ba69e8dc9fd92c43b3dff47220e1290
Asterisk Project Security Advisory - AST-2014-018
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation.

tags | advisory, protocol
SHA-256 | 5f6de459bd80960c973e40d53339c46b02b67d9db5559130f299530051f16340
Asterisk Project Security Advisory - AST-2014-017
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action "ConfbridgeStartRecord" could also be used to execute arbitrary system commands without first checking for system access.

tags | advisory, arbitrary, protocol
SHA-256 | eebc8eabd10dc9e3b8bc9523e239a9374c0d69bf823e68db757ae0b2b1368d33
Asterisk Project Security Advisory - AST-2014-005
Posted Jun 13, 2014
Authored by John Bigelow, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion raised.

tags | advisory
advisories | CVE-2014-4045
SHA-256 | 6b85765fc735a00c686484dac76731431461bf16a925d2e52ab0d28b8d4331fe
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close