what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2018-008
Posted Jun 11, 2018
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

tags | advisory
SHA-256 | 0a8df976f443c76825aaacd37af4fd8f1b496b41d03db87301ebcb184dddb134

Related Files

Asterisk Project Security Advisory - AST-2016-003
Posted Feb 6, 2016
Authored by Richard Mudgett, Walter Dokes, Torrey Searle | Site asterisk.org

Asterisk Project Security Advisory - If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied.

tags | advisory
SHA-256 | d61d75b2607cad2c038cf03c5bb97339a5ed2401ece282ee0a7010c19c84efbf
Asterisk Project Security Advisory - AST-2016-002
Posted Feb 6, 2016
Authored by Richard Mudgett, Alexander Traud | Site asterisk.org

Asterisk Project Security Advisory - Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.

tags | advisory, overflow
SHA-256 | c3a9d55b8722a6698270f1449a33fc8ad65f440df0576b6607a8cd998bdbc47e
Asterisk Project Security Advisory - AST-2016-001
Posted Feb 6, 2016
Authored by Joshua Colp, Alex A. Welzi | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.

tags | advisory, web
SHA-256 | 6c3e6ff53bbb942a49afc289970e7d998f9f519da49bdeaeadd6a6a039422b8e
Asterisk Project Security Advisory - AST-2015-003
Posted Apr 9, 2015
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.

tags | advisory
advisories | CVE-2015-3008
SHA-256 | b08ef4b3d0f8ba0061a7cd3e5a8e37967a3286590dcc31a21c17c24ecb06371e
Asterisk Project Security Advisory - AST-2015-002
Posted Jan 29, 2015
Authored by Mark Michelson, Olle Johansson | Site asterisk.org

Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

tags | advisory, web
advisories | CVE-2014-8150
SHA-256 | 29b34a38aceb27270a9742ce1a2328d92a59cc3a2103a91b0fcb2d89ef89580a
Asterisk Project Security Advisory - AST-2015-001
Posted Jan 29, 2015
Authored by Mark Michelson, Y Ateya | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected. As the resources are allocated after authentication, this issue only affects communications with authenticated endpoints.

tags | advisory
SHA-256 | e9d6055114e8feed6c629f9b504bd51b2f5d85998f7eb3481512d7fdd54bfc05
Asterisk Project Security Advisory - AST-2014-019
Posted Dec 10, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the session was subsequently torn down this memory would get freed yet again causing a crash. Users of the WebSocket functionality also did not take into account that provided text frames are not guaranteed to be NULL terminated. This has been fixed in chan_sip and chan_pjsip in the applicable versions.

tags | advisory
SHA-256 | 1868539f0faf6bdd956adbc2ca0137de48c00afcc3285083d11a021aa2b17658
Asterisk Project Security Advisory - AST-2014-018
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation.

tags | advisory, protocol
SHA-256 | 5f6de459bd80960c973e40d53339c46b02b67d9db5559130f299530051f16340
Asterisk Project Security Advisory - AST-2014-017
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action "ConfbridgeStartRecord" could also be used to execute arbitrary system commands without first checking for system access.

tags | advisory, arbitrary, protocol
SHA-256 | eebc8eabd10dc9e3b8bc9523e239a9374c0d69bf823e68db757ae0b2b1368d33
Asterisk Project Security Advisory - AST-2014-016
Posted Nov 21, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling an INVITE with Replaces message the res_pjsip_refer module incorrectly assumes that it will be operating on a channel that has just been created. If the INVITE with Replaces message is sent in-dialog after a session has been established this assumption will be incorrect. The res_pjsip_refer module will then hang up a channel that is actually owned by another thread. When this other thread attempts to use the just hung up channel it will end up using freed channel which will likely cause a crash.

tags | advisory
SHA-256 | 15a4222dbf1ccd2736fba02c722a20bb0de7e9d45367175f41e820c972765349
Asterisk Project Security Advisory - AST-2014-015
Posted Nov 21, 2014
Authored by Joshua Colp, Yaron Nahum | Site asterisk.org

Asterisk Project Security Advisory - The chan_pjsip channel driver uses a queue approach for actions relating to SIP sessions. There exists a race condition where actions may be queued to answer a session or send ringing AFTER a SIP session has been terminated using a CANCEL request. The code will incorrectly assume that the SIP session is still active and attempt to send the SIP response. The PJSIP library does not expect the SIP session to be in the disconnected state when sending the response and asserts.

tags | advisory
SHA-256 | 55c0f051137922494f6ce7feebfbe8e1ea4b9b2169a67c126fdff6d43bda124a
Asterisk Project Security Advisory - AST-2014-014
Posted Nov 21, 2014
Authored by Joshua Colp, Ben Klang | Site asterisk.org

Asterisk Project Security Advisory - The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Under load it is possible for some state transitions to be delayed causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely no further media will arrive and the channel will stay within ConfBridge indefinitely.

tags | advisory
SHA-256 | 84eb5f3fb7ddc9a0f5ee17c933a15f1ce01cc2ecc88d2c7325407f4bef03640b
Asterisk Project Security Advisory - AST-2014-013
Posted Nov 21, 2014
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk module res_pjsip_acl provides the ability to configure ACLs that may be used to reject SIP requests from various hosts. In affected versions of Asterisk, this module fails to create and apply ACLs defined in pjsip.conf. This may be worked around by reloading res_pjsip manually after res_pjsip_acl is loaded.

tags | advisory
SHA-256 | b3b03fb6b4fdfbb86b064255aefc3988d26b8846fa6491e95caf916c96308e46
Asterisk Project Security Advisory - AST-2014-012
Posted Nov 21, 2014
Authored by Andreas Steinmetz | Site asterisk.org

Asterisk Project Security Advisory - Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address family as the first ACL entry, that packet bypasses all ACL rules. For ACLs whose rules are all of the same address family, there is no issue.

tags | advisory
SHA-256 | d63dbc1f4a1555e213fdaf8b7170df0e1ef4f9f7d5de91107a8f9832f1027a68
Asterisk Project Security Advisory - AST-2014-011
Posted Oct 21, 2014
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffered from the SSL POODLE vulnerability.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | f3393b5e599a0d63b52314b6cb1f7808ffb0f59894dcb498c686d60e147cb6d3
Asterisk Project Security Advisory - AST-2014-010
Posted Sep 18, 2014
Authored by Matt Jordan, Philippe Lindheimer | Site asterisk.org

Asterisk Project Security Advisory - When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module. Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.

tags | advisory
SHA-256 | 83253f08b336ac5b6aac9462d511a7478d879722c5b915b26d3b93cf9082d978
Asterisk Project Security Advisory - AST-2014-009
Posted Sep 18, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to trigger a crash in Asterisk by sending a SIP SUBSCRIBE request with unexpected mixes of headers for a given event package. The crash occurs because Asterisk allocates data of one type at one layer and then interprets the data as a separate type at a different layer. The crash requires that the SUBSCRIBE be sent from a configured endpoint, and the SUBSCRIBE must pass any authentication that has been configured. Note that this crash is Asterisk's PJSIP-based res_pjsip_pubsub module and not in the old chan_sip module.

tags | advisory
SHA-256 | 1aa9c0ed7726161fa37c98a6ed477a60bbea2afc25657fb55981f7558fc19432
Asterisk Project Security Advisory - AST-2014-008
Posted Jun 13, 2014
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - When a SIP transaction timeout caused a subscription to be terminated, the action taken by Asterisk was guaranteed to deadlock the thread on which SIP requests are serviced. Note that this behavior could only happen on established subscriptions, meaning that this could only be exploited if an attacker bypassed authentication and successfully subscribed to a real resource on the Asterisk server.

tags | advisory
advisories | CVE-2014-4048
SHA-256 | e21cdaf3769c98aa4d94fbad230c4dee902998f19cff528885690e12ebe7363a
Asterisk Project Security Advisory - AST-2014-007
Posted Jun 13, 2014
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing a HTTP request will tie up a HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked.

tags | advisory, web, tcp
advisories | CVE-2014-4047
SHA-256 | e6779aabe2219ce71ab967736150fa4798031e2d5a8f66d132a104297bd2b824
Asterisk Project Security Advisory - AST-2014-006
Posted Jun 13, 2014
Authored by Jonathan Rose, Corey Farrell | Site asterisk.org

Asterisk Project Security Advisory - Manager users can execute arbitrary shell commands with the MixMonitor manager action. Asterisk does not require system class authorization for a manager user to use the MixMonitor action, so any manager user who is permitted to use manager commands can potentially execute shell commands as the user executing the Asterisk process.

tags | advisory, arbitrary, shell
advisories | CVE-2014-4046
SHA-256 | 930cf84fa176bf5c4db20b34cce8c5d33a35ed70742265a86ef2b9f3ab699974
Asterisk Project Security Advisory - AST-2014-005
Posted Jun 13, 2014
Authored by John Bigelow, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made to unsubscribe when not currently subscribed and the endpoint's "sub_min_expiry" is set to zero, Asterisk tries to create an expiration timer with zero seconds, which is not allowed, so an assertion raised.

tags | advisory
advisories | CVE-2014-4045
SHA-256 | 6b85765fc735a00c686484dac76731431461bf16a925d2e52ab0d28b8d4331fe
Asterisk Project Security Advisory - AST-2014-004
Posted Mar 11, 2014
Authored by Mark Michelson, Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver's handling of SUBSCRIBE requests. If a SUBSCRIBE request is received for the presence Event, and that request has no Accept headers, Asterisk will attempt to access an invalid pointer to the header location. Note that this issue was fixed during a re-architecture of the res_pjsip_pubsub module in Asterisk 12.1.0. As such, this issue has already been resolved in a released version of Asterisk. This notification is being released for users of Asterisk 12.0.0.

tags | advisory
advisories | CVE-2014-2289
SHA-256 | 6e56eb72b35ebd81d6277efa644e9243116635a3b307f8a61ee9f768038f90ec
Asterisk Project Security Advisory - AST-2014-003
Posted Mar 11, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the "qualify_frequency" configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.

tags | advisory, remote
advisories | CVE-2014-2288
SHA-256 | 3fc37984a9d5b7488a013c0d4d7869919c15b588b2dfa950081c2998a81fc658
Asterisk Project Security Advisory - AST-2014-002
Posted Mar 11, 2014
Authored by Kinsey Moore, Colin Farrell | Site asterisk.org

Asterisk Project Security Advisory - An attacker can use all available file descriptors using SIP INVITE requests, which can result in a denial of service.

tags | advisory, denial of service
advisories | CVE-2014-2287
SHA-256 | 786ba76251ce62da4df7d6eb92f164fe200a08d34d8310287e6d97b9f289d40c
Asterisk Project Security Advisory - AST-2014-001
Posted Mar 11, 2014
Authored by Richard Mudgett, Lucas Molas, Dr. Manuel Sadosky | Site asterisk.org

Asterisk Project Security Advisory - Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

tags | advisory, web, overflow
advisories | CVE-2014-2286
SHA-256 | 7930613352d2f6681e74a1dd7d8766aee3838790ca9d640367d15b7cb5e507c4
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    7 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close