what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2014-016
Posted Nov 21, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling an INVITE with Replaces message the res_pjsip_refer module incorrectly assumes that it will be operating on a channel that has just been created. If the INVITE with Replaces message is sent in-dialog after a session has been established this assumption will be incorrect. The res_pjsip_refer module will then hang up a channel that is actually owned by another thread. When this other thread attempts to use the just hung up channel it will end up using freed channel which will likely cause a crash.

tags | advisory
SHA-256 | 15a4222dbf1ccd2736fba02c722a20bb0de7e9d45367175f41e820c972765349

Related Files

AST-2008-007.txt
Posted May 22, 2008
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL.

tags | advisory
systems | linux, debian
advisories | CVE-2008-0166
SHA-256 | 9e1a273be0fa164aae613d72d1ac5770291a36e329b0ef6f8f88dc52d55212ae
AST-2008-006.txt
Posted Apr 23, 2008
Authored by Javantea | Site asterisk.org

Asterisk Project Security Advisory - Javantea found multiple security issues in IAX2 including an incomplete 3-way handshake.

tags | advisory
advisories | CVE-2008-1897
SHA-256 | add784c1721895efd2acb383b937c9caa5e879556f5ec5e543e6590f319908a8
AST-2008-005.txt
Posted Mar 19, 2008
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - The HTTP Manager ID used by Asterisk is predictable, allowing an attack the ability to hijack a manager session.

tags | advisory, web
advisories | CVE-2008-1390
SHA-256 | e90eed81de68cae4a78e30426eb398aa04085bb0a5aaa7b2d116817219f91abe
AST-2008-004.txt
Posted Mar 19, 2008
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - A format string vulnerability exists in the Logger and Manager of Asterisk.

tags | advisory
advisories | CVE-2008-1333
SHA-256 | d3c4daeab6197a01a301019b8aa89ad828883465386ae04592c4c0d6a701e033
AST-2008-003.txt
Posted Mar 19, 2008
Authored by Jason Parker | Site asterisk.org

Asterisk Project Security Advisory - Unauthenticated calls can be made via the SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf.

tags | advisory
advisories | CVE-2008-1332
SHA-256 | 81843cf8445447d86cc4da5431fb5f1967c5dbd9adf9c537d45cdf64851f983b
AST-2008-002.txt
Posted Mar 19, 2008
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.

tags | advisory, overflow
advisories | CVE-2008-1289
SHA-256 | 7af0f5f8834e1ec6cfc12a2131ca26a0a7c955b7d3cc5c93dab300406251ab4b
AST-2008-001.txt
Posted Jan 2, 2008
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - The handling of the BYE with Also transfer method was broken during the development of Asterisk 1.4. If a transfer attempt is made using this method the system will immediately crash upon handling the BYE message due to trying to copy data into a NULL pointer.

tags | advisory
SHA-256 | 20c92e563a5e81918a24b9db84f689f656287c30c74250a54b4c5f8c1b9ed24d
AST-2007-027.txt
Posted Dec 19, 2007
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - Due to the way database-based registrations ("realtime") are processed, IP addresses are not checked when the username is correct and there is no password. An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user. This is limited in scope to administrators who have set up the registration database ("realtime") for authentication and are using only host-based authentication, not passwords. However, both the SIP and IAX protocols are affected.

tags | advisory, protocol
advisories | CVE-2007-6430
SHA-256 | 8f347c1af72c018f03b4107767873c60b519061e85f1fa9739ca188fc9633316
AST-2007-026.txt
Posted Nov 30, 2007
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.

tags | advisory, sql injection
SHA-256 | bea6b18a3ed4c0fb66fe9dbf57a59dd37c48c68de19de9b9e05cc4b4d31f9144
AST-2007-025.txt
Posted Nov 30, 2007
Authored by P. Chisteas, Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.

tags | advisory, sql injection
SHA-256 | a6dfd2c5d7a40d837c11582e71764dcde062ba282383e034543da1782c87505b
AST-2007-024.txt
Posted Nov 8, 2007
Authored by Michal Bucko, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - This advisory is a response to a false security vulnerability published in several places on the Internet. Had Asterisk's developers been notified prior to its publication, there would be no need for this. There is a potential for a buffer overflow in the sethdlc application; however, running this application requires root access to the server, which means that exploiting this vulnerability gains the attacker no more advantage than what he already has. As such, this is a bug, not a security vulnerability.

tags | advisory, overflow, root
advisories | CVE-2007-5690
SHA-256 | 02df8010a89c1828facd661e89d15aad1405eb934f5d1de64b09abe22dfa82ae
AST-2007-023.txt
Posted Oct 18, 2007
Authored by Humberto Abdelnur | Site asterisk.org

Asterisk Project Security Advisory - Source and destination numbers for a given call are not correctly escaped by the cdr_addon_mysql module in Asterisk, allowing for SQL injection attacks.

tags | advisory, sql injection
advisories | CVE-2007-5488
SHA-256 | b7f121ce1d8a097c7245450265c72bf2a7163a67c89fb5ad28ce42393b43a3de
AST-2007-022.txt
Posted Oct 11, 2007
Authored by Russell Bryant, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Multiple buffer overflows were discovered due to the use of sprintf in Asterisk's IMAP-specific voicemail code.

tags | advisory, overflow, imap
SHA-256 | 5e6beed403d366c145b69ef187cb6e89c970ef02a7ab577a2744fdfb90213dcc
AST-2007-021.txt
Posted Aug 25, 2007
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a crash vulnerability when passed invalid MIME bodies when using voicemail with IMAP storage.

tags | advisory, imap
advisories | CVE-2007-4521
SHA-256 | 1e9ae16db7079005556cba264366edeabcc3ffa5a92654001ff2788d29755e68
AST-2007-020.txt
Posted Aug 22, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a resource exhaustion vulnerability in the SIP channel driver.

tags | advisory
advisories | CVE-2007-4455
SHA-256 | 9f1bbe7d514f8f84edf352d9addf36a922ec1472cdf8c0f4f013f1fc70f7480f
ASA-2007-019.txt
Posted Aug 8, 2007
Authored by Wei Wang, Jason Parker | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a "CAPABILITIES_RES_MESSAGE" packet where the capabilities count is greater than the total number of items in the capabilities_res_message array. Note that this requires an authenticated session.

tags | advisory
SHA-256 | 6782bf2d6ac72f8bab74a44c546cf27f72e55a525d134e95c06a05a5ff82cc07
ASA-2007-018.txt
Posted Jul 31, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 channel driver in Asterisk is vulnerable to a denial of service attack when configured to allow unauthenticated calls.

tags | advisory, denial of service
SHA-256 | a0b5106b8836479565cb2062ecc245c6c9ec7e134d97b1a2dc470e13cb1d6bc4
ASA-2007-017.txt
Posted Jul 18, 2007
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk STUN implementation in the RTP stack has a remotely exploitable crash vulnerability. A pointer may run past accessible memory if Asterisk receives a specially crafted STUN packet on an active RTP port. The code that parses the incoming STUN packets incorrectly checks that the length indicated in the STUN attribute and the size of the STUN attribute header does not exceed the available data. This will cause the data pointer to run past accessible memory and when accessed will cause a crash.

tags | advisory
advisories | CVE-2007-3765
SHA-256 | bc0c39530df4dd18a6dbdcdc793f1561ba085d70afb011dfde1d4bdcb5f322af
ASA-2007-016.txt
Posted Jul 18, 2007
Authored by Jason Parker | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a packet where the claimed length of the data is between 0 and 3, followed by length + 4 or more bytes, due to an overly large memcpy. The side effects of this extremely large memcpy have not been investigated.

tags | advisory
advisories | CVE-2007-3764
SHA-256 | 950ae078a58d7241a19dc7a251b19e77edd52fcfa03de8eed1f658bf4850424b
ASA-2007-015.txt
Posted Jul 18, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable crash vulnerability. A NULL pointer exception can occur when Asterisk receives a LAGRQ or LAGRP frame that is part of a valid session and includes information elements. The session used to exploit this issue does not have to be authenticated. It can simply be a NEW packet sent with an invalid username. The code that parses the incoming frame correctly parses the information elements of IAX frames. It then sets a pointer to NULL to indicate that there is not a raw data payload associated with this frame. However, it does not set the variable that indicates the number of bytes in the raw payload back to zero. Since the raw data length is non-zero, the code handling LAGRQ and LAGRP frames tries to copy data from a NULL pointer, causing a crash.

tags | advisory
advisories | CVE-2007-3763
SHA-256 | 82005035f0af5942ecb9961ae6e9407bfeadba79e2de888767b6b9905cdf838f
ASA-2007-014.txt
Posted Jul 18, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable stack buffer overflow vulnerability. It occurs when chan_iax2 is passed a voice or video frame with a data payload larger than 4 kB. This is exploitable by sending a very large RTP frame to an active RTP port number used by Asterisk when the other end of the call is an IAX2 channel. Exploiting this issue can cause a crash or allow arbitrary code execution on a remote machine.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2007-3762
SHA-256 | e4dc71a2fe12119c9e203636d801c336673cd5417bd25d738fda712d34d52222
ASA-2007-013.txt
Posted May 8, 2007
Authored by Tim Panton, Birgit Arkesteijn | Site asterisk.org

Asterisk Project Security Advisory - IAX2 users can cause unauthorized data disclosure.

tags | advisory
advisories | CVE-2007-2488
SHA-256 | 04e18f0914fe81d04fd062b5d240af6a69b220dc3e0da30b47dadb37894758ce
ASA-2007-012.txt
Posted Apr 25, 2007
Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Manager Interface has a remote crash vulnerability. If a manager user is configured in manager.conf without a password, and then a connection is made that attempts to use that username and MD5 authentication, Asterisk will dereference a NULL pointer and crash.

tags | advisory, remote
SHA-256 | a17f68d00918d6d34071de5f8df573e502384f3fa913837d7bf6360c91718452
ASA-2007-011.txt
Posted Apr 25, 2007
Authored by qwerty1979 | Site asterisk.org

Asterisk Project Security Advisory - Multiple problems have been identified in the Asterisk SIP channel driver (chan_sip) when handling response packets from other SIP endpoints.

tags | advisory
SHA-256 | 1466bb9117813fc5de7943aeb33b93d1848fb5d8fe9fe5ea4eb00860aa85e899
ASA-2007-010.txt
Posted Apr 25, 2007
Authored by Barrie Dempster | Site asterisk.org

Asterisk Project Security Advisory - Two closely related stack based buffer overflows exist in the SIP/SDP handler of Asterisk, the vulnerabilities are very similar but exist as two separate unsafe function calls.

tags | advisory, overflow, vulnerability
SHA-256 | a949bf50c43304dfaf9a9feae5a4076f7dd8a9e29097cee33dd9e616bb3fe0b7
Page 4 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close