120 matches found
Digium Asterisk Skinny Channel NULL-Pointer Dereference (CVE-2012-2948)
A denial of service vulnerability has been reported in Digium Asterisk...
Asterisk Endpoint Provisional Response Parsing RTP Port Consumption Remote DoS (AST-2012-010)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote, authenticated attacker to exhaust the server of resources. If an endpoint sends a provisional response to the server's re-INVITE...
AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...
Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP Skinny ID and closes a connection when...
Digium Asterisk Management Interface Out-of-Bounds Stack Buffer Overflow
A buffer overflow vulnerability has been reported in Digium Asterisk...
Digium Asterisk SIP Channel Driver Denial Of Service (CVE-2011-4063)
A denial of service vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in Asterisk's SIP channel driver while handling malformed REGISTER requests. A remote attacker may exploit this vulnerability by sending a specially crafted REGISTER request to an affected...
Asterisk 1.8.4 SIP Username Enumeration
Asterisk, sip response permit username identification through use REGISTER Author: francesco.tornieri "At" verona-wireless.net Summary: Sip responses permit user identification Release Date: 25/05/2011 Criticality level: Low Impact: Information leak Software: Asterisk 1.8.4 I try it to an...
Digium Asterisk UDPTL Processing Heap Buffer Overflow
Asterisk is an open source software implementation of a telephone private branch exchange PBX. A remote, unauthenticated attacker can exploit this vulnerability to overflow the buffer and execute code on the vulnerable system. If code execution is unsuccessful, this can lead to a denial of servic...
Digium Asterisk Multiple Products IAX2 Handshake Denial of Service (CVE-2008-1897)
There exists a denial of service vulnerability in multiple Digium Asterisk products. The vulnerability is due to insufficient verification of ACK responses during IAX2 handshakes by the IAX2 protocol. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to...
Digium Asterisk IAX2 Call Number Denial Of Service (CVE-2009-2346)
A resource exhaustion based denial of service vulnerability exists in Digium's Asterisk. The vulnerability is due to a design weakness in the way Asterisk associates messages with the calls they belong to. An unauthenticated, remote attacker can exploit this vulnerability by sending a large numbe...
Asterisk Missing ACL Check Remote Security Bypass Vulnerability (AST-2009-007)
Asterisk is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk";...
Digium Asterisk SIP Invalid Response Code Denial of Service (CVE-2007-1594)
Asterisk is an open source software implementation of a telephone private branch exchange. Like any PBX, it allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. Asterisk supports a wide ran...
Asterisk SIP Channel Driver DoS Vulnerability (AST-2009-005)
Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk";...
[SECURITY] Fedora 9 Update: dahdi-tools-2.0.0-1.fc9
DAHDI stands for Digium Asterisk Hardware Device Interface. This package contains the userspace tools to configure the DAHDI kernel modules. DAHDI is the replacement for Zaptel, which must be renamed due to trademark issues...
Asterisk IAX2认证响应信息泄露漏洞
BUGTRAQ ID: 33174 CVECAN ID: CVE-2009-0041 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk IAX2在认证期间对用户不存在的情况和错误口令的情况提供了不同的响应,这允许攻击者通过扫描主机确定特定的用户。 Asterisk Asterisk 1.6.x Asterisk Asterisk 1.4.x Asterisk Asterisk 1.2.x Asterisk Business Edition C.2.x.x Asterisk Business Edition C.1.x.x Asterisk...
Asterisk绕过呼叫认证漏洞
BUGTRAQ ID: 28310 CVECAN ID: CVE-2008-1332 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk在处理呼叫选项时存在漏洞,远程攻击者可能利用此漏洞执行非授权操作。 远程攻击者可以通过SIP通道驱动使用无效的From头执行非授权呼叫,这种操作类似于SIP配置选项allowguest=yes,也就是带有特制From头的呼叫会发送给sip.conf的通用部分所指定环境中的PBX。 Asterisk Asterisk 1.4.x Asterisk Asterisk 1.2.x Asterisk Asterisk 1.0....
Preemptive Protection against Digium Asterisk SIP Invalid Response Code Denial of Service Vulnerability
A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP VOIP protocols, including SIP. SIP Session Initiation Protocol is a protocol that can establish, modify, and terminate numerous multimed...
Asterisk SIP T.38 SDP解析远程栈溢出漏洞
Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk的SIP/SDP处理器中存在多个远程栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 如果所发送SIP报文中的SDP数据包含有超长的T38参数的话,就可以触发这个溢出,导致执行任意代码。这个漏洞是由chansip.c文件中的processsdp函数调用sscanf所导致的: else if sscanfa, "T38FaxRateManagement:%s", s == 1 found = 1; if optiondebug 2 astlogLOGDEBUG...
Two new DoS Vulnerabilities in Asterisk Fixed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Digium have released fixes for two new DoS vulnerabilities in Asterisk today. Excerpt from 1.2.17: Along with minor bug fixes, this release incorporates a fix for the SIP DoS vulnerability recently discovered by INRIA Lorraine:...
Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow
The chanskinny channel driver included in the version of Asterisk running on the remote host does not properly validate the length header in incoming packets. An unauthenticated, remote attacker may be able to leverage this flaw to execute code on the affected host subject to the privileges under...