Asterisk Project Security Advisory - On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields.
b1dc46b65ba0899d179d5df802c216ac411cd9b7c37c701cd854541313c4d1e2Asterisk Project Security Advisory - The Asterisk maintainers have made it so that a scan for valid SIP usernames always returns with the same response.
ee9968f99acb80ce4acfeaba744f770db13f2fda8eef9ea61b86c99b6e3eaa8fAsterisk Project Security Advisory - IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts.
76953e16708f452e52817ab659a4b7c085e7394015faca6b640857c346d8b1deAsterisk Project Security Advisory - An attacker may request an Asterisk server to send part of a firmware image. However, as this firmware download protocol does not initiate a handshake, the source address may be spoofed. Therefore, an IAX2 FWDOWNL request for a firmware file may consume as little as 40 bytes, yet produces a 1040 byte response. Coupled with multiple geographically diverse Asterisk servers, an attacker may flood an victim site with unwanted firmware packets.
033fd05fff387ab0474d5a49f0a057699dcb0943d8893658905cf254d19d1aa2Asterisk Project Security Advisory - The HTTP Manager ID used by Asterisk is predictable, allowing an attack the ability to hijack a manager session.
e90eed81de68cae4a78e30426eb398aa04085bb0a5aaa7b2d116817219f91abeAsterisk Project Security Advisory - Due to the way database-based registrations ("realtime") are processed, IP addresses are not checked when the username is correct and there is no password. An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user. This is limited in scope to administrators who have set up the registration database ("realtime") for authentication and are using only host-based authentication, not passwords. However, both the SIP and IAX protocols are affected.
8f347c1af72c018f03b4107767873c60b519061e85f1fa9739ca188fc9633316Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
bea6b18a3ed4c0fb66fe9dbf57a59dd37c48c68de19de9b9e05cc4b4d31f9144Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
a6dfd2c5d7a40d837c11582e71764dcde062ba282383e034543da1782c87505b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed