what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2021-005
Posted Feb 19, 2021
Authored by Joshua Colp, Mauri de Souza Meneguzzo | Site asterisk.org

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.

tags | advisory, remote
advisories | CVE-2021-26906
SHA-256 | a598689c226c0f0b2be7c0f2f5f641be7af78caf65f348109e0446002e06d18f

Related Files

Asterisk Project Security Advisory - AST-2017-002
Posted May 20, 2017
Authored by Sandro Gauci, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

tags | advisory, remote, overflow
SHA-256 | 60ef218a0c056d6aec0776e903fa217b0958d9a103decc2e014f49f5d98412d9
Asterisk Project Security Advisory - AST-2017-001
Posted Apr 6, 2017
Authored by Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.

tags | advisory, remote
SHA-256 | 4f394dc143a808e8b1929549291dac026ba69e8dc9fd92c43b3dff47220e1290
Asterisk Project Security Advisory - AST-2016-008
Posted Dec 9, 2016
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

tags | advisory
SHA-256 | 2a073eeba4b82f770c34c9371cc94f0c63cbd409c8022691691eeb71c498ae9d
Asterisk Project Security Advisory - AST-2016-009
Posted Dec 8, 2016
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.

tags | advisory
SHA-256 | 09dc558d0dc500657f84397b2183696f7dff962f91ac1d27039bfe9a9157f5a9
Asterisk Project Security Advisory - AST-2016-007 Update
Posted Oct 25, 2016
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - On September 8, the Asterisk development team released the AST-2016-007 security advisory. The security advisory involved an RTP resource exhaustion that could be targeted due to a flaw in the "allowoverlap" option of chan_sip. Due to new information presented to the Asterisk team by Walter Doekes, they have made updates to the advisory.

tags | advisory
SHA-256 | 570e74e1a02b9da9c957b15a54db607f1a0d2d9692d3bdfc29f57249f8d22599
Asterisk Project Security Advisory - AST-2016-007
Posted Sep 9, 2016
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up.

tags | advisory
SHA-256 | 97fcad4b2cc395997d99694e3df652f77ddb75c1bf9f3258efb47206a678a1c1
Asterisk Project Security Advisory - AST-2016-006
Posted Sep 9, 2016
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an "artificial" endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash when attempting to determine if ACLs should be applied. This issue was introduced in the Asterisk 13.10 release and only affects that release.

tags | advisory
SHA-256 | 4fed701bc3c34b63cb35edd8fe1f32e85f372f14481d360d07df779759acb717
Asterisk Project Security Advisory - AST-2016-005
Posted Apr 14, 2016
Authored by Mark Michelson, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP connections and sending no data to Asterisk. If PJProject has been compiled in debug mode, then once the number of allowed TCP connections has been depleted, the next attempted TCP connection to Asterisk will crash due to an assertion in PJProject. If PJProject has not been compiled in debug mode, then any further TCP connection attempts will be rejected. This makes Asterisk unable to process TCP SIP traffic. Note that this only affects TCP/TLS, since UDP is connectionless. Also note that this does not affect chan_sip.

tags | advisory, udp, tcp
SHA-256 | 122646434ef3ffdbf4f736e5ba7648af84f7dff43cfe57162960b91becc450fd
Asterisk Project Security Advisory - AST-2016-004
Posted Apr 14, 2016
Authored by Mark Michelson, George Joseph | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may crash when processing an incoming REGISTER request if that REGISTER contains a Contact header with a lengthy URI. This crash will only happen for requests that pass authentication. Unauthenticated REGISTER requests will not result in a crash occurring. This vulnerability only affects Asterisk when using PJSIP as its SIP stack. The chan_sip module does not have this problem.

tags | advisory
SHA-256 | afafbceea5744913691ffdaa1e188cde546064b48141faa603d4ecb51464d088
Asterisk Project Security Advisory - AST-2016-003
Posted Feb 6, 2016
Authored by Richard Mudgett, Walter Dokes, Torrey Searle | Site asterisk.org

Asterisk Project Security Advisory - If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied.

tags | advisory
SHA-256 | d61d75b2607cad2c038cf03c5bb97339a5ed2401ece282ee0a7010c19c84efbf
Asterisk Project Security Advisory - AST-2016-002
Posted Feb 6, 2016
Authored by Richard Mudgett, Alexander Traud | Site asterisk.org

Asterisk Project Security Advisory - Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.

tags | advisory, overflow
SHA-256 | c3a9d55b8722a6698270f1449a33fc8ad65f440df0576b6607a8cd998bdbc47e
Asterisk Project Security Advisory - AST-2016-001
Posted Feb 6, 2016
Authored by Joshua Colp, Alex A. Welzi | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.

tags | advisory, web
SHA-256 | 6c3e6ff53bbb942a49afc289970e7d998f9f519da49bdeaeadd6a6a039422b8e
Asterisk Project Security Advisory - AST-2015-003
Posted Apr 9, 2015
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.

tags | advisory
advisories | CVE-2015-3008
SHA-256 | b08ef4b3d0f8ba0061a7cd3e5a8e37967a3286590dcc31a21c17c24ecb06371e
Asterisk Project Security Advisory - AST-2015-002
Posted Jan 29, 2015
Authored by Mark Michelson, Olle Johansson | Site asterisk.org

Asterisk Project Security Advisory - CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150.

tags | advisory, web
advisories | CVE-2014-8150
SHA-256 | 29b34a38aceb27270a9742ce1a2328d92a59cc3a2103a91b0fcb2d89ef89580a
Asterisk Project Security Advisory - AST-2015-001
Posted Jan 29, 2015
Authored by Mark Michelson, Y Ateya | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected. As the resources are allocated after authentication, this issue only affects communications with authenticated endpoints.

tags | advisory
SHA-256 | e9d6055114e8feed6c629f9b504bd51b2f5d85998f7eb3481512d7fdd54bfc05
Asterisk Project Security Advisory - AST-2014-019
Posted Dec 10, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the session was subsequently torn down this memory would get freed yet again causing a crash. Users of the WebSocket functionality also did not take into account that provided text frames are not guaranteed to be NULL terminated. This has been fixed in chan_sip and chan_pjsip in the applicable versions.

tags | advisory
SHA-256 | 1868539f0faf6bdd956adbc2ca0137de48c00afcc3285083d11a021aa2b17658
Asterisk Project Security Advisory - AST-2014-018
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation.

tags | advisory, protocol
SHA-256 | 5f6de459bd80960c973e40d53339c46b02b67d9db5559130f299530051f16340
Asterisk Project Security Advisory - AST-2014-017
Posted Nov 21, 2014
Authored by Kevin Harwell, Gareth Palmer | Site asterisk.org

Asterisk Project Security Advisory - The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action "ConfbridgeStartRecord" could also be used to execute arbitrary system commands without first checking for system access.

tags | advisory, arbitrary, protocol
SHA-256 | eebc8eabd10dc9e3b8bc9523e239a9374c0d69bf823e68db757ae0b2b1368d33
Asterisk Project Security Advisory - AST-2014-016
Posted Nov 21, 2014
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - When handling an INVITE with Replaces message the res_pjsip_refer module incorrectly assumes that it will be operating on a channel that has just been created. If the INVITE with Replaces message is sent in-dialog after a session has been established this assumption will be incorrect. The res_pjsip_refer module will then hang up a channel that is actually owned by another thread. When this other thread attempts to use the just hung up channel it will end up using freed channel which will likely cause a crash.

tags | advisory
SHA-256 | 15a4222dbf1ccd2736fba02c722a20bb0de7e9d45367175f41e820c972765349
Asterisk Project Security Advisory - AST-2014-015
Posted Nov 21, 2014
Authored by Joshua Colp, Yaron Nahum | Site asterisk.org

Asterisk Project Security Advisory - The chan_pjsip channel driver uses a queue approach for actions relating to SIP sessions. There exists a race condition where actions may be queued to answer a session or send ringing AFTER a SIP session has been terminated using a CANCEL request. The code will incorrectly assume that the SIP session is still active and attempt to send the SIP response. The PJSIP library does not expect the SIP session to be in the disconnected state when sending the response and asserts.

tags | advisory
SHA-256 | 55c0f051137922494f6ce7feebfbe8e1ea4b9b2169a67c126fdff6d43bda124a
Asterisk Project Security Advisory - AST-2014-014
Posted Nov 21, 2014
Authored by Joshua Colp, Ben Klang | Site asterisk.org

Asterisk Project Security Advisory - The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Under load it is possible for some state transitions to be delayed causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely no further media will arrive and the channel will stay within ConfBridge indefinitely.

tags | advisory
SHA-256 | 84eb5f3fb7ddc9a0f5ee17c933a15f1ce01cc2ecc88d2c7325407f4bef03640b
Asterisk Project Security Advisory - AST-2014-013
Posted Nov 21, 2014
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk module res_pjsip_acl provides the ability to configure ACLs that may be used to reject SIP requests from various hosts. In affected versions of Asterisk, this module fails to create and apply ACLs defined in pjsip.conf. This may be worked around by reloading res_pjsip manually after res_pjsip_acl is loaded.

tags | advisory
SHA-256 | b3b03fb6b4fdfbb86b064255aefc3988d26b8846fa6491e95caf916c96308e46
Asterisk Project Security Advisory - AST-2014-012
Posted Nov 21, 2014
Authored by Andreas Steinmetz | Site asterisk.org

Asterisk Project Security Advisory - Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address family as the first ACL entry, that packet bypasses all ACL rules. For ACLs whose rules are all of the same address family, there is no issue.

tags | advisory
SHA-256 | d63dbc1f4a1555e213fdaf8b7170df0e1ef4f9f7d5de91107a8f9832f1027a68
Asterisk Project Security Advisory - AST-2014-011
Posted Oct 21, 2014
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffered from the SSL POODLE vulnerability.

tags | advisory
advisories | CVE-2014-3566
SHA-256 | f3393b5e599a0d63b52314b6cb1f7808ffb0f59894dcb498c686d60e147cb6d3
Asterisk Project Security Advisory - AST-2014-010
Posted Sep 18, 2014
Authored by Matt Jordan, Philippe Lindheimer | Site asterisk.org

Asterisk Project Security Advisory - When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module. Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.

tags | advisory
SHA-256 | 83253f08b336ac5b6aac9462d511a7478d879722c5b915b26d3b93cf9082d978
Page 1 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close