Files from Mark Michelson

Email address: mmichelson at digium.com
First Active: 2007-08-25
Last Active: 2017-05-20
Asterisk Project Security Advisory - AST-2017-003
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

tags | advisory
MD5 | 5d5f432509eeeda7e91ab03884de7373
Asterisk Project Security Advisory - AST-2017-002
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

tags | advisory, remote, overflow
MD5 | 240c6d5fde628507bc1d2076fe921b45
Asterisk Project Security Advisory - AST-2016-009
Posted Dec 8, 2016
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.

tags | advisory
MD5 | 3eff38af2829992765d75d647b6b0698
Asterisk Project Security Advisory - AST-2016-006
Posted Sep 9, 2016
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an "artificial" endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash when attempting to determine if ACLs should be applied. This issue was introduced in the Asterisk 13.10 release and only affects that release.

tags | advisory
MD5 | 26c0c8d748f1c9752e605ab3456a75b8
Asterisk Project Security Advisory - AST-2016-005
Posted Apr 14, 2016
Authored by Mark Michelson, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP connections and sending no data to Asterisk. If PJProject has been compiled in debug mode, then once the number of allowed TCP connections has been depleted, the next attempted TCP connection to Asterisk will crash due to an assertion in PJProject. If PJProject has not been compiled in debug mode, then any further TCP connection attempts will be rejected. This makes Asterisk unable to process TCP SIP traffic. Note that this only affects TCP/TLS, since UDP is connectionless. Also note that this does not affect chan_sip.

tags | advisory, udp, tcp
MD5 | 026e4e632f5b124c8f698629af722616
Asterisk Project Security Advisory - AST-2016-004
Posted Apr 14, 2016
Authored by Mark Michelson, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring. This vulnerability only affects Asterisk when using PJSIP as its SIP stack. The chan_sip module does not have this problem.

tags | advisory
MD5 | e359007a7da13be531dbe7c2837f3a46
Asterisk Project Security Advisory - AST-2015-002
Posted Jan 29, 2015
Authored by Mark Michelson, Olle Johansson | Site asterisk.org

Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

tags | advisory, web
advisories | CVE-2014-8150
MD5 | 40713dbc27a6fb8e51bb53765591ef4e
Asterisk Project Security Advisory - AST-2015-001
Posted Jan 29, 2015
Authored by Mark Michelson, Y Ateya | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected. As the resources are allocated after authentication, this issue only affects communications with authenticated endpoints.

tags | advisory
MD5 | b700c0e717e1ace4e886b2f4400800f0
Asterisk Project Security Advisory - AST-2014-009
Posted Sep 18, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to trigger a crash in Asterisk by sending a SIP SUBSCRIBE request with unexpected mixes of headers for a given event package. The crash occurs because Asterisk allocates data of one type at one layer and then interprets the data as a separate type at a different layer. The crash requires that the SUBSCRIBE be sent from a configured endpoint, and the SUBSCRIBE must pass any authentication that has been configured. Note that this crash is in Asterisk's PJSIP-based res_pjsip_pubsub module and not in the old chan_sip module.

tags | advisory
MD5 | 7ce4cdb7ad305b8527772e29666abf3a
Asterisk Project Security Advisory - AST-2014-008
Posted Jun 13, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.

tags | advisory
advisories | CVE-2014-4048
MD5 | e7f4e447ff2973429204f7f14511596c
Asterisk Project Security Advisory - AST-2014-004
Posted Mar 11, 2014
Authored by Mark Michelson, Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's handling of SUBSCRIBE requests. If a SUBSCRIBE request is received for the presence Event, and that request has no Accept headers, Asterisk will attempt to access an invalid pointer to the header location. Note that this issue was fixed during a re-architecture of the res_pjsip_pubsub module in Asterisk 12.1.0. As such, this issue has already been resolved in a released version of Asterisk. This notification is being released for users of Asterisk 12.0.0.

tags | advisory
advisories | CVE-2014-2289
MD5 | f9984c9c3245f1133638fada061a2940
Asterisk Project Security Advisory - AST-2013-002
Posted Mar 28, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.

tags | advisory, web, denial of service
advisories | CVE-2013-2686
MD5 | ae7f44d97919b080bfab8ac0fefe27d5
Asterisk Project Security Advisory - AST-2012-014
Posted Jan 3, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.

tags | advisory, web, overflow, udp, tcp
advisories | CVE-2012-5976
MD5 | 68dd819158d6e063193df6cbe87aeadb
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
MD5 | 96b5d56898cb42ff746d93184ad1b2cd
Asterisk Project Security Advisory 2009-004
Posted Aug 6, 2009
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.

tags | advisory, remote, arbitrary
MD5 | 01dbbb6d626e8bb48f5d6eb853040a82
Asterisk Project Security Advisory - AST-2008-012
Posted Dec 12, 2008
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate.

tags | advisory
MD5 | c8867af76416fe3ee34bee920d4c8ec2
AST-2008-007.txt
Posted May 22, 2008
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL.

tags | advisory
systems | linux, debian
advisories | CVE-2008-0166
MD5 | b24f77b75cf9e5ce1ac37b7e1a6eb6e4
AST-2007-024.txt
Posted Nov 8, 2007
Authored by Michal Bucko, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - This advisory is a response to a false security vulnerability published in several places on the Internet. Had Asterisk's developers been notified prior to its publication, there would be no need for this. There is a potential for a buffer overflow in the sethdlc application; however, running this application requires root access to the server, which means that exploiting this vulnerability gains the attacker no more advantage than what he already has. As such, this is a bug, not a security vulnerability.

tags | advisory, overflow, root
advisories | CVE-2007-5690
MD5 | 4e70e810f66fe1da827e00a4ea82b022
AST-2007-022.txt
Posted Oct 11, 2007
Authored by Russell Bryant, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Multiple buffer overflows were discovered due to the use of sprintf in Asterisk's IMAP-specific voicemail code.

tags | advisory, overflow, imap
MD5 | dbf2beb4f3b1674e28ae247e6dcc91f6
AST-2007-021.txt
Posted Aug 25, 2007
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a crash vulnerability when passed invalid MIME bodies when using voicemail with IMAP storage.

tags | advisory, imap
advisories | CVE-2007-4521
MD5 | 93014d535c4f78e94d23d6c9ee447326