exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2014-016
Posted Nov 21, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling an INVITE with Replaces message the res_pjsip_refer module incorrectly assumes that it will be operating on a channel that has just been created. If the INVITE with Replaces message is sent in-dialog after a session has been established this assumption will be incorrect. The res_pjsip_refer module will then hang up a channel that is actually owned by another thread. When this other thread attempts to use the just hung up channel it will end up using freed channel which will likely cause a crash.

tags | advisory
SHA-256 | 15a4222dbf1ccd2736fba02c722a20bb0de7e9d45367175f41e820c972765349

Related Files

Asterisk Project Security Advisory - AST-2011-007
Posted Jun 3, 2011
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault.

tags | advisory, remote
advisories | CVE-2011-2216
SHA-256 | c571c19d564846b6e1ecb5b41d7e710e95aaede9cc69e13f64613da97587d97d
Asterisk Project Security Advisory - AST-2011-006
Posted Apr 22, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticated manager users to execute shell commands. Only users with the "system" privilege should be able to do this.

tags | advisory, shell
SHA-256 | 31ede85ee7d0cff21021d4dd6f89dfc438a48a6a387fbe72033246f6071a6e17
Asterisk Project Security Advisory - AST-2011-005
Posted Apr 21, 2011
Authored by Tzafrir Cohen | Site asterisk.org

Asterisk Project Security Advisory - On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled, it is possible for an attacker to open as many connections to asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.

tags | advisory, web, tcp
advisories | CVE-2011-1507
SHA-256 | 471ce01d238810bef4b672c13bed60968aa25283433c449bf7c0a05b6b29d2ae
Asterisk TCP/TLS Server Remote Crash
Posted Mar 17, 2011
Authored by Blake Cornell, Chris Maj | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk TCP/TLS server suffers from a denial of service vulnerability. Versions 1.6.1.x, 1.6.2.x, and 1.8.x are all affected.

tags | advisory, denial of service, tcp
SHA-256 | 42a118e4489814c5c7daf24ff15ffb8353da113d792cafa89fca1e91546ce0d5
Asterisk Resource Exhaustion In Manager Interface
Posted Mar 17, 2011
Authored by Blake Cornell | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Manager Interface suffers from a denial of service vulnerability. Versions 1.6.1.x, 1.6.2.x, and 1.8.x are all affected.

tags | advisory, denial of service
SHA-256 | 7b52fcf7d91688180fe75c1cbbd43b18bd7fd00850636319d9f26ecd4c9416b7
Asterisk Project Security Advisory - AST-2011-002
Posted Feb 22, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable.

tags | advisory, overflow
SHA-256 | 9b947dd4fce8b8d4d6dc7c6bc47a02bc75f6c9d8097ebaa822eda51e67ad2705
Asterisk Project Security Advisory - AST-2011-001
Posted Jan 18, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. This vulnerability also affects the URIENCODE dialplan function and in some versions of asterisk, the AGI dialplan application as well. The ast_uri_encode function does not properly respect the size of its output buffer and can write past the end of it when encoding URIs.

tags | advisory, overflow
SHA-256 | caddb62e55ea8e3118ad497b8c0c7b872b631262ea738692d4e6d87bdccb05d9
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
SHA-256 | 1b93b33da3d5184c379547d81b5050d83dfdbc328a9e859576be03060c04eeb1
Asterisk Project Security Advisory - AST-2010-002
Posted Feb 20, 2010
Authored by Leif Madsen | Site asterisk.org

Asterisk Project Security Advisory - A common usage of the ${EXTEN} channel variable in a dialplan with wildcard pattern matches can lead to a possible string injection vulnerability. By having a wildcard match in a dialplan, it is possible to allow unintended calls to be executed.

tags | advisory
SHA-256 | 6df03db49a5dc8aa44b7bba96539f3b628e043d7efe241ee610ebdeb0bc96e1b
Asterisk Project Security Advisory - AST-2010-001
Posted Feb 3, 2010
Authored by David Vossel | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.

tags | advisory
advisories | CVE-2010-0441
SHA-256 | e389de5a471316312db8c85329ef64fc51d31e57f6900226fbee9f94d1d8b6de
Asterisk Project Security Advisory - AST-2009-010
Posted Dec 1, 2009
Authored by David Vossel | Site asterisk.org

Asterisk Project Security Advisory - An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk.

tags | advisory
advisories | CVE-2009-4055
SHA-256 | 36b56a28380039e2532e434853000794f007a636a0fa262cd6df0be8b4ee65e2
Asterisk Project Security Advisory - AST-2009-009
Posted Nov 5, 2009
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - Asterisk includes a demonstration AJAX based manager interface, ajamdemo.html which uses the prototype.js framework. An issue was uncovered in this framework which could allow someone to execute a cross-site AJAX request exploit.

tags | advisory
advisories | CVE-2008-7220
SHA-256 | e86a0ecb6a897bcb9f1220e85d46af735a82bc2ef2a6208e6cc14a3c6f4996dd
Asterisk Project Security Advisory - AST-2009-008
Posted Nov 5, 2009
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - It is possible to determine if a peer with a specific name is configured in Asterisk by sending a specially crafted REGISTER message twice. The username that is to be checked is put in the user portion of the URI in the To header. A bogus non-matching value is put into the username portion of the Digest in the Authorization header. If the peer does exist the second REGISTER will receive a response of "403 Authentication user name does not match account name". If the peer does not exist the response will be "404 Not Found" if alwaysauthreject is disabled and "401 Unauthorized" if alwaysauthreject is enabled.

tags | advisory
SHA-256 | 3634bc8c6b1fcdae106d21b04636f67125dbeb10fda75b29b1244e3e1cd34bf0
Asterisk Project Security Advisory - AST-2009-007
Posted Oct 26, 2009
Authored by Jeff Peeler | Site asterisk.org

Asterisk Project Security Advisory - A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected.

tags | advisory
SHA-256 | a028170ecb278eb6b1813a2f959521f86bee010953bfc98dd29af7dda75eda1c
Asterisk Project Security Advisory - AST-2009-006
Posted Sep 4, 2009
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled. A call number gets created at the start of an IAX2 message exchange. So, an attacker can send a large number of messages and consume the call number space. The attack is also possible using spoofed source IP addresses as no handshake is required before a call number is assigned.

tags | advisory, spoof, protocol
advisories | CVE-2009-2346
SHA-256 | b9b863efb0b85644076d3c974b98ce74f39e463464e8e6c41b443200a78dd088
Asterisk Project Security Advisory - Driver Crash
Posted Aug 11, 2009
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields.

tags | advisory
advisories | CVE-2009-2726
SHA-256 | b1dc46b65ba0899d179d5df802c216ac411cd9b7c37c701cd854541313c4d1e2
Asterisk Project Security Advisory 2009-004
Posted Aug 6, 2009
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.

tags | advisory, remote, arbitrary
SHA-256 | 7cdb743f4d11e06fb523803f2e6f40f3d378378fd8b9554a26d5efcd6ce48db9
Asterisk Advisory - Information Leak
Posted Apr 2, 2009
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk maintainers have made it so that a scan for valid SIP usernames always returns with the same response.

tags | advisory
advisories | CVE-2008-3903
SHA-256 | ee9968f99acb80ce4acfeaba744f770db13f2fda8eef9ea61b86c99b6e3eaa8f
Asterisk Project Security Advisory - AST-2009-002
Posted Mar 10, 2009
Site asterisk.org

Asterisk Project Security Advisory - A remote crash vulnerability exists in the SIP channel driver allow for a denial of service condition.

tags | advisory, remote, denial of service
SHA-256 | ca3545fb7ff461a737f99935a89bf271977ba6509b3a6a50c11000b7d15536f7
Asterisk Project Security Advisory - AST-2009-001
Posted Jan 9, 2009
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts.

tags | advisory
advisories | CVE-2009-0041
SHA-256 | 76953e16708f452e52817ab659a4b7c085e7394015faca6b640857c346d8b1de
Asterisk Project Security Advisory - AST-2008-012
Posted Dec 12, 2008
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate.

tags | advisory
SHA-256 | ef23e216fc8fbfffc2d988c07ff4844b1d8aeaf228f027c02fe7ede7f6bb7006
AST-2008-011.txt
Posted Jul 23, 2008
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - An attacker may request an Asterisk server to send part of a firmware image. However, as this firmware download protocol does not initiate a handshake, the source address may be spoofed. Therefore, an IAX2 FWDOWNL request for a firmware file may consume as little as 40 bytes, yet produces a 1040 byte response. Coupled with multiple geographically diverse Asterisk servers, an attacker may flood an victim site with unwanted firmware packets.

tags | advisory, spoof, protocol
advisories | CVE-2008-3264
SHA-256 | 033fd05fff387ab0474d5a49f0a057699dcb0943d8893658905cf254d19d1aa2
AST-2008-010.txt
Posted Jul 23, 2008
Authored by Jeremy McNamara | Site asterisk.org

Asterisk Project Security Advisory - By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG.

tags | advisory, protocol
advisories | CVE-2008-3263
SHA-256 | d7ea9284131bcea62f7425642c3db4439b8033df1205a39d88ff0808e5893c71
AST-2008-009.txt
Posted Jun 5, 2008
Authored by Tzafrir Cohen | Site asterisk.org

Asterisk Project Security Advisory - The ooh323 channel driver provided in Asterisk Addons used a TCP connection to pass commands internally. The payload of these packets included addresses of memory which were to be freed after the command was processed. By sending arbitrary data to the listening TCP socket, one could cause an almost certain crash since the command handler would attempt to free invalid memory. This problem was made worse by the fact that the listening TCP socket was bound to whatever IP address was specified by the "bindaddr" option in ooh323.conf.

tags | advisory, arbitrary, tcp
advisories | CVE-2008-2543
SHA-256 | aac2cc0599489e9604748b85058afad532715726a0cde88e1b0bcb8f18309c24
AST-2008-008.txt
Posted Jun 4, 2008
Authored by Hooi Ng | Site asterisk.org

Asterisk Project Security Advisory - During pedantic SIP processing the From header value is passed to the ast_uri_decode function to be decoded. In two instances it is possible for the code to cause a crash as the From header value is not checked to be non-NULL before being passed to the function.

tags | advisory
advisories | CVE-2008-2119
SHA-256 | 6d6c76931877fb8fcfcb71ac5a7f4ca1baaf4e140c905963272cd3b2b09ead91
Page 3 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close