
Files

Asterisk 20.1.0 Denial Of Service
Posted Dec 15, 2023
Authored by Sandro Gauci | Site enablesecurity.com

When handling DTLS-SRTP for media setup, Asterisk version 20.1.0 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

tags | exploit, denial of service, protocol
advisories | CVE-2023-49786
SHA-256 | 64a70704bf3c592f3c715409a2cca70dea12a637204ffa690f04e1d61f8e5387

Related Files

Asterisk Project Security Advisory - AST-2012-011
Posted Jul 6, 2012
Authored by Nicolas Bouliane, Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

tags | advisory
advisories | CVE-2012-3812
SHA-256 | c4c29da204c724036feeafa9e5d1fe5e12c23b551ecfc323429909297800ebda
Asterisk Project Security Advisory - AST-2012-010
Posted Jul 6, 2012
Authored by Terry Wilson, Steve Davies | Site asterisk.org

Asterisk Project Security Advisory - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.

tags | advisory, denial of service
SHA-256 | 7393ac1f7dc8c09c81891ad81cc71a05d76badd9fadaf47998c0f0251965ab45
Secunia Security Advisory 49814
Posted Jul 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | b7947a87aac075fa7aa6e3df7d8e6620d59bd7ecd00abf0a98895f209630fd34
Secunia Security Advisory 49536
Posted Jun 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | d7dab50d2c2f61bcead75e0b46ceda71846c71685679e8751cbdc4c4122b1829
Gentoo Linux Security Advisory 201206-05
Posted Jun 21, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-5 - Multiple vulnerabilities in Asterisk might allow remote attackers to execute arbitrary code. Versions less than 1.8.12.1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2414, CVE-2012-2415, CVE-2012-2416, CVE-2012-2947, CVE-2012-2948
SHA-256 | 0549e3a73c1a5f9d04d3fd1dcc33fb9bb2ec602c6d3eb30b5168b211e879ae45
Secunia Security Advisory 49543
Posted Jun 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | d4387e20b28b25a58d20faa8a02adfeb4c6fc46063d3df8b544c2d2f5b1ae0bc
Asterisk Project Security Advisory - AST-2012-009
Posted Jun 14, 2012
Authored by Matt Jordan, Christoph Hebeisen | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server.

tags | advisory, remote, denial of service
advisories | CVE-2012-3553
SHA-256 | fd0d2c21399e574d3381cbf0d6fbf99a5bd73c0e0a594da8126262e1f90d0130
Secunia Security Advisory 49469
Posted Jun 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for asterisk. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 3a3c396f7b9456e9d99a5e7d160a2404fe6f7173067baa9c157d1e188d29b178
Debian Security Advisory 2493-1
Posted Jun 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2493-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-2947, CVE-2012-2948
SHA-256 | 21e8618cd5d616376fad6c256d487e6681705187c9bfa7fea9986649f72ace9b
Secunia Security Advisory 49303
Posted May 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 55a31adfbf4607ca3c0793a47ce785e19497c42ca7ca2f22d9353e5916ae38ca
Asterisk Project Security Advisory - AST-2012-008
Posted May 29, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A Null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk. When an SCCP client closes its connection to the server, a pointer in a structure is set to Null. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.

tags | advisory, remote, denial of service
advisories | CVE-2012-2948
SHA-256 | 0ffad12f4ee7638c64029cbf2387da33862ed3926680288d1303b12b6023069e
Asterisk Project Security Advisory - AST-2012-007
Posted May 29, 2012
Authored by Richard Mudgett | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the IAX2 channel driver if an established call is placed on hold without a suggested music class.

tags | advisory
advisories | CVE-2012-2947
SHA-256 | 58df312830538efb7064340b0ec5a2811f9dbc943e1ac2e4e461efa35a6bc391
Secunia Security Advisory 48941
Posted Apr 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for asterisk. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, debian
SHA-256 | 6a77965d6ef54246083d94b49d8a40e2abec7ff8c4572739cf17a286a87b049c
Debian Security Advisory 2460-1
Posted Apr 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2460-1 - Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1183, CVE-2012-2414, CVE-2012-2415
SHA-256 | 90ac813962f844ca8939a8b64ac607c95c83938e1adac515d296dc2a4e24ef63
Secunia Security Advisory 48891
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Asterisk and Asterisk Business Edition, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 9a969e448a7aa14f5e60177f8c883f1af0dcce169e2b81efaa581f64427d5a99
Asterisk Project Security Advisory - AST-2012-006
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of time.

tags | advisory
SHA-256 | 2f5947f61b2053c1b2b1488965d4ff29d455c8f4c71b6f1e91940a3f62d70d5f
Asterisk Project Security Advisory - AST-2012-005
Posted Apr 23, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun.

tags | advisory, overflow
SHA-256 | 135fdb3c4091f47c3bd1cc61841154a28cbda243b8fb16a579ebff1ce30c23ef
Asterisk Project Security Advisory - AST-2012-004
Posted Apr 23, 2012
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any functions or applications that run system commands.

tags | advisory, shell
SHA-256 | 98ea67fda37608ee4b744ee6c51c819b2fd3cdd1838c33bc4c08c48b26462701
VOIP Hacking
Posted Apr 1, 2012
Authored by Akash Shukla

This is a short whitepaper on VOIP hacking. It more or less just goes over setting up Asterisk and using VOIP.

tags | paper
SHA-256 | b3ebb1cf6aa79e4c981bb06e29a0dc26c3ee2b93e82af855bf14cbd2c6fe6f4e
Gentoo Linux Security Advisory 201203-21
Posted Mar 29, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-21 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 1.8.10.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1183, CVE-2012-1184
SHA-256 | d311ae7de3c27ad491e129a9dc8163032193f59e51d94143f2fbcdae8853d2d0
Secunia Security Advisory 48576
Posted Mar 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | ecc8616eb65dad7e3d6ca541fc4fea43caf5397588d92a7d13affbb6f986ac63
Secunia Security Advisory 48417
Posted Mar 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 7cc138745510fc246558f7fd7a25f30279304cdb35c2d13f8c9e052e107c5906
Asterisk Project Security Advisory - AST-2012-003
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - An attacker attempting to connect to an HTTP session of the Asterisk Manager Interface can send an arbitrarily long string value for HTTP Digest Authentication. This causes a stack buffer overflow, with the possibility of remote code injection.

tags | advisory, remote, web, overflow
SHA-256 | e2f289b1d1ccc150638cf55526ad03a0ade669586f6824d9491acd1c5b1f3e05
Asterisk Project Security Advisory - AST-2012-002
Posted Mar 16, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from an exploitable stack buffer overflow with locally defined data.

tags | advisory, overflow
SHA-256 | afe6cdb34e7dea854787ea6f21b9eaf0bb2776d9c897bab9bde9b63eb1091487
Secunia Security Advisory 48137
Posted Feb 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | d10d20bab64506a533201fbe49baa7c1c88fab193ae042cb2a8c7512076636f4

© 2022 Packet Storm. All rights reserved.
