Twenty Year Anniversary
Showing 1 - 25 of 27 RSS Feed

Files from Sandro Gauci

Email addresssandro at sipvicious.org
First Active2007-08-01
Last Active2018-03-20
Kamailio 5.1.1 / 5.1.0 / 5.0.0 Heap Overflow
Posted Mar 20, 2018
Authored by Sandro Gauci, Alfred Farrugia

Kamailio versions 5.1.1, 5.1.0, and 5.0.0 suffer from an off-by-one heap overflow vulnerability.

tags | exploit, overflow
MD5 | c25f1f7329d21e066258756d0aab5e41
Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5.

tags | exploit, denial of service
advisories | CVE-2018-7286
MD5 | 1a1dfa782be396603fb5a78ae823f41e
Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0.

tags | exploit, denial of service
MD5 | e162142628fbfb5ba18a1ab13f113be7
Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 15.2.0 running chan_pjsip suffers from an SDP message related denial of service vulnerability.

tags | exploit, denial of service
MD5 | 873b23fd0ed9845d55e6420887487dec
Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2.

tags | exploit
advisories | CVE-2018-7284
MD5 | 323b863197d2d23bab8781c4b5ccc8cc
Asterisk Project Security Advisory - AST-2018-005
Posted Feb 23, 2018
Authored by Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.

tags | advisory, tcp
advisories | CVE-2018-7286
MD5 | 0733c7c77cd97a87cdc416aef921fea4
Asterisk Project Security Advisory - AST-2018-004
Posted Feb 23, 2018
Authored by Joshua Colp, Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

tags | advisory
advisories | CVE-2018-7284
MD5 | f18e104dffba1574edc8eaf43287eb35
Asterisk Project Security Advisory - AST-2018-003
Posted Feb 23, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
MD5 | 73cf5406ac133164b0fdab2716de6feb
Asterisk Project Security Advisory - AST-2018-002
Posted Feb 21, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
MD5 | 6b23e91da16ff09e58f7e2691ced6883
Asterisk 14.6.1 RTP Bleed
Posted Sep 2, 2017
Authored by Sandro Gauci, Klaus-Peter Junghanns

Asterisk versions 11.4.0 through 14.6.1 suffer from an RTP man-in-the-middle vulnerability.

tags | advisory
advisories | CVE-2017-14099
MD5 | c91e9a9784eb79d8de4896c824e15a8b
Asterisk 14.4.0 Skinny Denial Of Service
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 2a53a018e7760934bc7c0fb189920799
Asterisk 14.4.0 PJSIP 2.6 Denial Of Service
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | f49b5e4d52c26c6e0a76dcc3d9c9f48c
Asterisk 14.4.0 PJSIP 2.6 Heap Overflow
Posted May 22, 2017
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.

tags | exploit, overflow
MD5 | ffae82070b494ad6a86bd977ef721698
Asterisk Project Security Advisory - AST-2017-004
Posted May 20, 2017
Authored by Sandro Gauci, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet does not detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.

tags | advisory, remote
MD5 | 599b4399c6dc5290fce6f74eb70c8e4c
Asterisk Project Security Advisory - AST-2017-003
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.

tags | advisory
MD5 | 5d5f432509eeeda7e91ab03884de7373
Asterisk Project Security Advisory - AST-2017-002
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

tags | advisory, remote, overflow
MD5 | 240c6d5fde628507bc1d2076fe921b45
Liferay 6.2.3 CE GA4 OpenID XXE Injection
Posted Jun 2, 2016
Authored by Sandro Gauci

Liferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.

tags | exploit, xxe
MD5 | c64fbdf39059b7fa5e18bcecae0f2125
Cisco CUCM Directory Traversal / Reversible Obfuscation
Posted Nov 8, 2011
Authored by FX, Sandro Gauci | Site recurity-labs.com

Cisco CUCM environment and the IP Phone CP-7975G suffer from a directory traversal, have a reversible obfuscation algorithm, security issues related to SCCP, CTFTP, and Voice VLAN separation. Versions 7.0 and 8.0(2) are affected.

tags | exploit, file inclusion
systems | cisco
MD5 | 0beac78c5f61b53a31e06e89fff5f7b2
SIPVicious Tool Suite 0.2.6
Posted Jun 23, 2010
Authored by Sandro Gauci | Site sipvicious.org

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

Changes: Various bug fixes and a new tool called svcrash.py.
tags | telephony, python
MD5 | a4fbdd9b5fe8df5946a8b0180bc3eb6b
Applicure dotDefender 4.0 Cross Site Scripting
Posted Jun 2, 2010
Authored by Sandro Gauci

Applicure dotDefender version 4.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 64c4a142d6a1600913c78292eeb896e3
sipvicious-0.2.4.tar.gz
Posted Aug 13, 2008
Authored by Sandro Gauci | Site sipvicious.org

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

Changes: The wardialer has had some improvements made. Various bug fixes. Multiple features added including fingerprinting support for svmap. Included fphelper.py and 3 databases used for fingerprinting.
tags | telephony, python
MD5 | 7e59feea54d368f2106c67de6d7a0749
surfjack-0.1b.zip
Posted Aug 13, 2008
Authored by Sandro Gauci | Site enablesecurity.com

surfjack is a tool that allows you to hijack HTTP connection to steal cookies.

tags | web
MD5 | 3d7198ac087f82d1103d553251725621
the-extended-html-form-attack-revisited.pdf
Posted Jun 18, 2008
Authored by Sandro Gauci | Site enablesecurity.com

Whitepaper from 2002 that has been updated regarding the abuse of non-HTTP protocols to launch cross site scripting attacks.

tags | paper, web, protocol, xss
MD5 | e81ed8cd8d2e8d2e1d9816c6ef6cd279
sipvicious-0.2.3.tar.gz
Posted Jun 4, 2008
Authored by Sandro Gauci | Site sipvicious.org

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

Changes: Multiple features added including fingerprinting support for svmap. Included fphelper.py and 3 databases used for fingerprinting.
tags | telephony, python
MD5 | 4665134f2d6bd0595e771b4f1af7adcf
sipvicious-0.2.1.tar.gz
Posted Nov 7, 2007
Authored by Sandro Gauci | Site sipvicious.org

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

Changes: Session state is now saved and svmap supports sending INVITE to particular extensions. The rest are mostly bug fixes and stability.
tags | telephony, python
MD5 | a41df16fef97293f0623b1c59390b545
Page 1 of 2
Back12Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close