what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Asterisk Project Security Advisory - AST-2021-005
Posted Feb 19, 2021
Authored by Joshua Colp, Mauri de Souza Meneguzzo | Site asterisk.org

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.

tags | advisory, remote
advisories | CVE-2021-26906
SHA-256 | a598689c226c0f0b2be7c0f2f5f641be7af78caf65f348109e0446002e06d18f

Related Files

Asterisk Project Security Advisory - AST-2012-006
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time.

tags | advisory
SHA-256 | 2f5947f61b2053c1b2b1488965d4ff29d455c8f4c71b6f1e91940a3f62d70d5f
Asterisk Project Security Advisory - AST-2012-005
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

tags | advisory, overflow
SHA-256 | 135fdb3c4091f47c3bd1cc61841154a28cbda243b8fb16a579ebff1ce30c23ef
Asterisk Project Security Advisory - AST-2012-004
Posted Apr 23, 2012
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.

tags | advisory, shell
SHA-256 | 98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701
Asterisk Project Security Advisory - AST-2012-003
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.

tags | advisory, remote, web, overflow
SHA-256 | e2f289b1d1ccc150638cf55526ad03a0ade669586f6824d9491acd1c5b1f3e05
Asterisk Project Security Advisory - AST-2012-002
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.

tags | advisory, overflow
SHA-256 | afe6cdb34e7dea854787ea6f21b9eaf0bb2776d9c897bab9bde9b63eb1091487
Asterisk Project Security Advisory - AST-2011-013
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.

tags | advisory
SHA-256 | dde4d639d451106635a87c7b3b2c41c2b6129d36252423186294aad787478c61
Asterisk Project Security Advisory - AST-2011-014
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a denial of service vulnerability. When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.

tags | advisory, denial of service
SHA-256 | 764385423a3949867f23f34eab90bf1bd82d2c863303fda2cdc21b2469443b1c
Asterisk Project Security Advisory - AST-2011-012
Posted Oct 17, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - The SIP channel driver allows a remote authenticated user that ability to cause a crash with a malformed request due to an uninitialized variable.

tags | advisory, remote
advisories | CVE-2011-4063
SHA-256 | b509eac1a7bd80f502154119179b97cc5f8a658de84afa82695934841ff6a9f2
Asterisk Project Security Advisory - AST-2011-011
Posted Jun 29, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - Asterisk may respond differently to SIP requests from an invalid SIP user than it does to a user configured on the system, even when the alwaysauthreject option is set in the configuration. This can leak information about what SIP users are valid on the Asterisk system.

tags | advisory
advisories | CVE-2011-2536
SHA-256 | 5b60a5f0651dd793f221422ae84407ad379322998ba39d3b47a0a855e825710d
Asterisk Project Security Advisory - AST-2011-007
Posted Jun 3, 2011
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault.

tags | advisory, remote
advisories | CVE-2011-2216
SHA-256 | c571c19d564846b6e1ecb5b41d7e710e95aaede9cc69e13f64613da97587d97d
Asterisk Project Security Advisory - AST-2011-006
Posted Apr 22, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticated manager users to execute shell commands. Only users with the "system" privilege should be able to do this.

tags | advisory, shell
SHA-256 | 31ede85ee7d0cff21021d4dd6f89dfc438a48a6a387fbe72033246f6071a6e17
Asterisk Project Security Advisory - AST-2011-005
Posted Apr 21, 2011
Authored by Tzafrir Cohen | Site asterisk.org

Asterisk Project Security Advisory - On systems that have the Asterisk Manager Interface, Skinny, SIP over TCP, or the built in HTTP server enabled, it is possible for an attacker to open as many connections to asterisk as he wishes. This will cause Asterisk to run out of available file descriptors and stop processing any new calls. Additionally, disk space can be exhausted as Asterisk logs failures to open new file descriptors.

tags | advisory, web, tcp
advisories | CVE-2011-1507
SHA-256 | 471ce01d238810bef4b672c13bed60968aa25283433c449bf7c0a05b6b29d2ae
Asterisk TCP/TLS Server Remote Crash
Posted Mar 17, 2011
Authored by Blake Cornell, Chris Maj | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk TCP/TLS server suffers from a denial of service vulnerability. Versions 1.6.1.x, 1.6.2.x, and 1.8.x are all affected.

tags | advisory, denial of service, tcp
SHA-256 | 42a118e4489814c5c7daf24ff15ffb8353da113d792cafa89fca1e91546ce0d5
Asterisk Resource Exhaustion In Manager Interface
Posted Mar 17, 2011
Authored by Blake Cornell | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk Manager Interface suffers from a denial of service vulnerability. Versions 1.6.1.x, 1.6.2.x, and 1.8.x are all affected.

tags | advisory, denial of service
SHA-256 | 7b52fcf7d91688180fe75c1cbbd43b18bd7fd00850636319d9f26ecd4c9416b7
Asterisk Project Security Advisory - AST-2011-002
Posted Feb 22, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable.

tags | advisory, overflow
SHA-256 | 9b947dd4fce8b8d4d6dc7c6bc47a02bc75f6c9d8097ebaa822eda51e67ad2705
Asterisk Project Security Advisory - AST-2011-001
Posted Jan 18, 2011
Authored by Matthew Nicholson | Site asterisk.org

Asterisk Project Security Advisory - When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. This vulnerability also affects the URIENCODE dialplan function and in some versions of asterisk, the AGI dialplan application as well. The ast_uri_encode function does not properly respect the size of its output buffer and can write past the end of it when encoding URIs.

tags | advisory, overflow
SHA-256 | caddb62e55ea8e3118ad497b8c0c7b872b631262ea738692d4e6d87bdccb05d9
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
SHA-256 | 1b93b33da3d5184c379547d81b5050d83dfdbc328a9e859576be03060c04eeb1
Asterisk Project Security Advisory - AST-2010-002
Posted Feb 20, 2010
Authored by Leif Madsen | Site asterisk.org

Asterisk Project Security Advisory - A common usage of the ${EXTEN} channel variable in a dialplan with wildcard pattern matches can lead to a possible string injection vulnerability. By having a wildcard match in a dialplan, it is possible to allow unintended calls to be executed.

tags | advisory
SHA-256 | 6df03db49a5dc8aa44b7bba96539f3b628e043d7efe241ee610ebdeb0bc96e1b
Asterisk Project Security Advisory - AST-2010-001
Posted Feb 3, 2010
Authored by David Vossel | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.

tags | advisory
advisories | CVE-2010-0441
SHA-256 | e389de5a471316312db8c85329ef64fc51d31e57f6900226fbee9f94d1d8b6de
Asterisk Project Security Advisory - AST-2009-010
Posted Dec 1, 2009
Authored by David Vossel | Site asterisk.org

Asterisk Project Security Advisory - An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk.

tags | advisory
advisories | CVE-2009-4055
SHA-256 | 36b56a28380039e2532e434853000794f007a636a0fa262cd6df0be8b4ee65e2
Asterisk Project Security Advisory - AST-2009-009
Posted Nov 5, 2009
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - Asterisk includes a demonstration AJAX based manager interface, ajamdemo.html which uses the prototype.js framework. An issue was uncovered in this framework which could allow someone to execute a cross-site AJAX request exploit.

tags | advisory
advisories | CVE-2008-7220
SHA-256 | e86a0ecb6a897bcb9f1220e85d46af735a82bc2ef2a6208e6cc14a3c6f4996dd
Asterisk Project Security Advisory - AST-2009-008
Posted Nov 5, 2009
Authored by Joshua Colp | Site asterisk.org

Asterisk Project Security Advisory - It is possible to determine if a peer with a specific name is configured in Asterisk by sending a specially crafted REGISTER message twice. The username that is to be checked is put in the user portion of the URI in the To header. A bogus non-matching value is put into the username portion of the Digest in the Authorization header. If the peer does exist the second REGISTER will receive a response of "403 Authentication user name does not match account name". If the peer does not exist the response will be "404 Not Found" if alwaysauthreject is disabled and "401 Unauthorized" if alwaysauthreject is enabled.

tags | advisory
SHA-256 | 3634bc8c6b1fcdae106d21b04636f67125dbeb10fda75b29b1244e3e1cd34bf0
Asterisk Project Security Advisory - AST-2009-007
Posted Oct 26, 2009
Authored by Jeff Peeler | Site asterisk.org

Asterisk Project Security Advisory - A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected.

tags | advisory
SHA-256 | a028170ecb278eb6b1813a2f959521f86bee010953bfc98dd29af7dda75eda1c
Asterisk Project Security Advisory - AST-2009-006
Posted Sep 4, 2009
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled. A call number gets created at the start of an IAX2 message exchange. So, an attacker can send a large number of messages and consume the call number space. The attack is also possible using spoofed source IP addresses as no handshake is required before a call number is assigned.

tags | advisory, spoof, protocol
advisories | CVE-2009-2346
SHA-256 | b9b863efb0b85644076d3c974b98ce74f39e463464e8e6c41b443200a78dd088
Asterisk Project Security Advisory - Driver Crash
Posted Aug 11, 2009
Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields.

tags | advisory
advisories | CVE-2009-2726
SHA-256 | b1dc46b65ba0899d179d5df802c216ac411cd9b7c37c701cd854541313c4d1e2
Page 3 of 4
Back1234Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close