exploit the possibilities
Showing 1 - 25 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2021-001
Posted Feb 19, 2021
Authored by gjoseph, Ivan Poddubny | Site asterisk.org

If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.

tags | advisory
advisories | CVE-2020-35776
MD5 | ed8e67d55a417eabcbc813bf6eeba9d9

Related Files

Astium Remote Code Execution
Posted Sep 26, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.

tags | exploit, remote, web, arbitrary, local, root, php, vulnerability, code execution, sql injection
advisories | OSVDB-88860
MD5 | 432ed72ac7cc26bfbd358d5604b17bd2
Asterisk Project Security Advisory - AST-2013-005
Posted Aug 28, 2013
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.

tags | advisory
MD5 | b715f9c2eaad10cad18835c40db97b9c
Asterisk Project Security Advisory - AST-2013-004
Posted Aug 28, 2013
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.

tags | advisory
MD5 | 7a62518551aefdf4d135c81e2573574c
Asterisk Project Security Advisory - AST-2013-003
Posted Mar 28, 2013
Authored by Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

tags | advisory
advisories | CVE-2013-2264
MD5 | 43a1293557b3fa72ea85345a7645b421
Asterisk Project Security Advisory - AST-2013-002
Posted Mar 28, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.

tags | advisory, web, denial of service
advisories | CVE-2013-2686
MD5 | ae7f44d97919b080bfab8ac0fefe27d5
Asterisk Project Security Advisory - AST-2013-001
Posted Mar 28, 2013
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.

tags | advisory, arbitrary
advisories | CVE-2013-2685
MD5 | 2f1e20b7186fbfd0411b4581c2fd8e8e
Asterisk Project Security Advisory - AST-2012-015
Posted Jan 3, 2013
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk maintains an internal cache for devices. The device state cache holds the state of each device known to Asterisk, such that consumers of device state information can query for the last known state for a particular device, even if it is not part of an active call. The concept of a device in Asterisk can include things that do not have a physical representation. One way that this currently occurs is when anonymous calls are allowed in Asterisk. A device is automatically created and stored in the cache for each anonymous call that occurs; this is possible in the SIP and IAX2 channel drivers and through channel drivers that utilize the res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). Attackers exploiting this vulnerability can attack an Asterisk system configured to allow anonymous calls by varying the source of the anonymous call, continually adding devices to the device state cache and consuming a system's resources.

tags | advisory
advisories | CVE-2012-5977
MD5 | 1f0cefcdb9afc401724361ca6f691932
Asterisk Project Security Advisory - AST-2012-014
Posted Jan 3, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.

tags | advisory, web, overflow, udp, tcp
advisories | CVE-2012-5976
MD5 | 68dd819158d6e063193df6cbe87aeadb
Astium VoIP PBX 2.1 Denial Of Service
Posted Jan 2, 2013
Authored by xistence

Astium VoIP PBX versions 2.1 build 25399 and below remote crash proof of concept exploit that causes astiumd to crash when sent a large buffer.

tags | exploit, remote, denial of service, proof of concept
MD5 | 84bf4038b7b0ddd73ca846aed61c24d8
Astium VoIP PBX 2.1 Remote Root
Posted Jan 2, 2013
Authored by xistence

Astium is prone to multiple vulnerabilities. This exploit uses SQL injection to bypass authentication on the login page and get access as an administrator. After that it uploads and executes a PHP script that will modify the "/usr/local/astium/web/php/config.php" script with a reverse shell and run a "sudo /sbin/service astcfgd reload". Version 2.1 build 25399 is affected.

tags | exploit, web, shell, local, php, vulnerability, sql injection
MD5 | 2d2fb95ee7360c0097a0bae216b5772c
Asterisk Project Security Advisory - AST-2012-013
Posted Aug 30, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - When an IAX2 call is made using the credentials of a peer defined in a dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are not applied to the call attempt. This allows for a remote attacker who is aware of a peer's credentials to bypass the ACL rules set for that peer.

tags | advisory, remote
advisories | CVE-2012-4737
MD5 | 91ab0e96a7351e26f182f8fba5823d97
Asterisk Project Security Advisory - AST-2012-012
Posted Aug 30, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - The AMI Originate action can allow a remote user to specify information that can be used to execute shell commands on the system hosting Asterisk. This can result in an unwanted escalation of permissions, as the Originate action, which requires the "originate" class authorization, can be used to perform actions that would typically require the "system" class authorization.

tags | advisory, remote, shell
advisories | CVE-2012-2186
MD5 | b23f7089de8bc593b53468fabf54bc9b
Asterisk Project Security Advisory - AST-2012-011
Posted Jul 6, 2012
Authored by Nicolas Bouliane, Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

tags | advisory
advisories | CVE-2012-3812
MD5 | 77428c3c2deacae36ccac65a178ebd16
Asterisk Project Security Advisory - AST-2012-010
Posted Jul 6, 2012
Authored by Terry Wilson, Steve Davies | Site asterisk.org

Asterisk Project Security Advisory - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.

tags | advisory, denial of service
MD5 | 97efa304659dce2c49033c6d442bd34c
Asterisk Project Security Advisory - AST-2012-009
Posted Jun 14, 2012
Authored by Matt Jordan, Christoph Hebeisen | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server.

tags | advisory, remote, denial of service
advisories | CVE-2012-3553
MD5 | 0559bf1eaeb33a2104fd097035bfaeb6
Astaro Security Gateway Cross Site Scripting
Posted Jun 12, 2012
Authored by Julien Ahrens

Astaro Security Gateway suffers from a backup related cross site scripting vulnerability. Version 8.304 is affected.

tags | advisory, xss
advisories | CVE-2012-3238
MD5 | ea9e06da089620a616f5106692cb021d
Asterisk Project Security Advisory - AST-2012-008
Posted May 29, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A Null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk. When an SCCP client closes its connection to the server, a pointer in a structure is set to Null. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.

tags | advisory, remote, denial of service
advisories | CVE-2012-2948
MD5 | e5bbb9c38534065f766274d2c055497d
Asterisk Project Security Advisory - AST-2012-007
Posted May 29, 2012
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class.

tags | advisory
advisories | CVE-2012-2947
MD5 | b42ab63005025daa63e9cb6fd1a5db15
Asterisk Project Security Advisory - AST-2012-006
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time.

tags | advisory
MD5 | 32e74fe214613d789749549a4bf27817
Asterisk Project Security Advisory - AST-2012-005
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

tags | advisory, overflow
MD5 | 696a9c6849da6138ccfe67440c3caec9
Asterisk Project Security Advisory - AST-2012-004
Posted Apr 23, 2012
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.

tags | advisory, shell
MD5 | 409cfec2b992f13790527da55bc20c35
Asterisk Project Security Advisory - AST-2012-003
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.

tags | advisory, remote, web, overflow
MD5 | 397821839758278f437c9b144d3db54f
Asterisk Project Security Advisory - AST-2012-002
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.

tags | advisory, overflow
MD5 | 390b1d4b0c1913fcbd9dff825bf15166
Asterisk Project Security Advisory - AST-2011-013
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.

tags | advisory
MD5 | def059b81354c49994d1128fdf133f47
Asterisk Project Security Advisory - AST-2011-014
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a denial of service vulnerability. When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.

tags | advisory, denial of service
MD5 | c865dbed9afc86ee7ba8ea5687f89b51
Page 1 of 4
Back1234Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close