exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

Files from Russell Bryant

Email addressrussell at digium.com
First Active2007-07-18
Last Active2009-09-04
Asterisk Project Security Advisory - AST-2009-006
Posted Sep 4, 2009
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled. A call number gets created at the start of an IAX2 message exchange. So, an attacker can send a large number of messages and consume the call number space. The attack is also possible using spoofed source IP addresses as no handshake is required before a call number is assigned.

tags | advisory, spoof, protocol
advisories | CVE-2009-2346
MD5 | 0912cf05493bc73748727f4d8ca64471
AST-2007-022.txt
Posted Oct 11, 2007
Authored by Russell Bryant, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Multiple buffer overflows were discovered due to the use of sprintf in Asterisk's IMAP-specific voicemail code.

tags | advisory, overflow, imap
MD5 | dbf2beb4f3b1674e28ae247e6dcc91f6
AST-2007-020.txt
Posted Aug 22, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a resource exhaustion vulnerability in the SIP channel driver.

tags | advisory
advisories | CVE-2007-4455
MD5 | c24cedea8b524fefe65082260d74444e
ASA-2007-018.txt
Posted Jul 31, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 channel driver in Asterisk is vulnerable to a denial of service attack when configured to allow unauthenticated calls.

tags | advisory, denial of service
MD5 | f10161aaa11ac16f83b440be2b06f0c7
ASA-2007-015.txt
Posted Jul 18, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable crash vulnerability. A NULL pointer exception can occur when Asterisk receives a LAGRQ or LAGRP frame that is part of a valid session and includes information elements. The session used to exploit this issue does not have to be authenticated. It can simply be a NEW packet sent with an invalid username. The code that parses the incoming frame correctly parses the information elements of IAX frames. It then sets a pointer to NULL to indicate that there is not a raw data payload associated with this frame. However, it does not set the variable that indicates the number of bytes in the raw payload back to zero. Since the raw data length is non-zero, the code handling LAGRQ and LAGRP frames tries to copy data from a NULL pointer, causing a crash.

tags | advisory
advisories | CVE-2007-3763
MD5 | 099b772e3a144709929f99b4de56abb1
ASA-2007-014.txt
Posted Jul 18, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable stack buffer overflow vulnerability. It occurs when chan_iax2 is passed a voice or video frame with a data payload larger than 4 kB. This is exploitable by sending a very large RTP frame to an active RTP port number used by Asterisk when the other end of the call is an IAX2 channel. Exploiting this issue can cause a crash or allow arbitrary code execution on a remote machine.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2007-3762
MD5 | 174e0e345f1492e575b88202751de7ef
Page 1 of 1
Back1Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close