Asterisk Project Security Advisory - A memory leak occurs when an Asterisk pjsip session object is created and the call is rejected before the session itself is fully established. When this happens, the session object is never destroyed.
ef9c2364c68055df7468805ee829f6e50bad41d1db4ebba8c6ed3c73a1f0c1ac
Asterisk Project Security Advisory - The app_minivm module has an externnotify program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows arbitrary shell command injection.
f609d7792da894fb6c1fb0ade8daec8f16def1711e4528d9c0115ae784979027
Asterisk Project Security Advisory - Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process.
930cf84fa176bf5c4db20b34cce8c5d33a35ed70742265a86ef2b9f3ab699974