Asterisk Project Security Advisory - The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled. A call number gets created at the start of an IAX2 message exchange. So, an attacker can send a large number of messages and consume the call number space. The attack is also possible using spoofed source IP addresses as no handshake is required before a call number is assigned.
b9b863efb0b85644076d3c974b98ce74f39e463464e8e6c41b443200a78dd088Asterisk Project Security Advisory - Multiple buffer overflows were discovered due to the use of sprintf in Asterisk's IMAP-specific voicemail code.
5e6beed403d366c145b69ef187cb6e89c970ef02a7ab577a2744fdfb90213dccAsterisk Project Security Advisory - Asterisk suffers from a resource exhaustion vulnerability in the SIP channel driver.
9f1bbe7d514f8f84edf352d9addf36a922ec1472cdf8c0f4f013f1fc70f7480fAsterisk Project Security Advisory - The IAX2 channel driver in Asterisk is vulnerable to a denial of service attack when configured to allow unauthenticated calls.
a0b5106b8836479565cb2062ecc245c6c9ec7e134d97b1a2dc470e13cb1d6bc4Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable crash vulnerability. A NULL pointer exception can occur when Asterisk receives a LAGRQ or LAGRP frame that is part of a valid session and includes information elements. The session used to exploit this issue does not have to be authenticated. It can simply be a NEW packet sent with an invalid username. The code that parses the incoming frame correctly parses the information elements of IAX frames. It then sets a pointer to NULL to indicate that there is not a raw data payload associated with this frame. However, it does not set the variable that indicates the number of bytes in the raw payload back to zero. Since the raw data length is non-zero, the code handling LAGRQ and LAGRP frames tries to copy data from a NULL pointer, causing a crash.
82005035f0af5942ecb9961ae6e9407bfeadba79e2de888767b6b9905cdf838fAsterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable stack buffer overflow vulnerability. It occurs when chan_iax2 is passed a voice or video frame with a data payload larger than 4 kB. This is exploitable by sending a very large RTP frame to an active RTP port number used by Asterisk when the other end of the call is an IAX2 channel. Exploiting this issue can cause a crash or allow arbitrary code execution on a remote machine.
e4dc71a2fe12119c9e203636d801c336673cd5417bd25d738fda712d34d52222
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed