Lucene search
K

120 matches found

Check Point Advisories
Check Point Advisories
added 2012/08/27 12:0 a.m.15 views

Digium Asterisk Skinny Channel NULL-Pointer Dereference (CVE-2012-2948)

A denial of service vulnerability has been reported in Digium Asterisk...

6.2AI score0.02143EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/07/19 12:0 a.m.21 views

Asterisk Endpoint Provisional Response Parsing RTP Port Consumption Remote DoS (AST-2012-010)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote, authenticated attacker to exhaust the server of resources. If an endpoint sends a provisional response to the server's re-INVITE...

4CVSS5.5AI score0.03197EPSS
Exploits0References3
securityvulns
securityvulns
added 2012/06/17 12:0 a.m.62 views

AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...

4CVSS0.6AI score0.01728EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/06/14 12:0 a.m.26 views

Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP Skinny ID and closes a connection when...

4CVSS5.5AI score0.02143EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2012/05/28 12:0 a.m.3 views

Digium Asterisk Management Interface Out-of-Bounds Stack Buffer Overflow

A buffer overflow vulnerability has been reported in Digium Asterisk...

7.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2012/01/12 12:0 a.m.9 views

Digium Asterisk SIP Channel Driver Denial Of Service (CVE-2011-4063)

A denial of service vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in Asterisk's SIP channel driver while handling malformed REGISTER requests. A remote attacker may exploit this vulnerability by sending a specially crafted REGISTER request to an affected...

6.8CVSS6.1AI score0.0238EPSS
Exploits0
Packet Storm
Packet Storm
added 2011/05/26 12:0 a.m.28 views

Asterisk 1.8.4 SIP Username Enumeration

Asterisk, sip response permit username identification through use REGISTER Author: francesco.tornieri "At" verona-wireless.net Summary: Sip responses permit user identification Release Date: 25/05/2011 Criticality level: Low Impact: Information leak Software: Asterisk 1.8.4 I try it to an...

7.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2011/04/27 12:0 a.m.4 views

Digium Asterisk UDPTL Processing Heap Buffer Overflow

Asterisk is an open source software implementation of a telephone private branch exchange PBX. A remote, unauthenticated attacker can exploit this vulnerability to overflow the buffer and execute code on the vulnerable system. If code execution is unsuccessful, this can lead to a denial of servic...

8.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2010/07/19 12:0 a.m.17 views

Digium Asterisk Multiple Products IAX2 Handshake Denial of Service (CVE-2008-1897)

There exists a denial of service vulnerability in multiple Digium Asterisk products. The vulnerability is due to insufficient verification of ACK responses during IAX2 handshakes by the IAX2 protocol. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to...

4.3CVSS6.3AI score0.02743EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2010/03/03 12:0 a.m.3 views

Digium Asterisk IAX2 Call Number Denial Of Service (CVE-2009-2346)

A resource exhaustion based denial of service vulnerability exists in Digium's Asterisk. The vulnerability is due to a design weakness in the way Asterisk associates messages with the calls they belong to. An unauthenticated, remote attacker can exploit this vulnerability by sending a large numbe...

7.8CVSS6.1AI score0.02581EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/10/28 12:0 a.m.17 views

Asterisk Missing ACL Check Remote Security Bypass Vulnerability (AST-2009-007)

Asterisk is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk";...

7.4AI score
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2009/10/18 12:0 a.m.22 views

Digium Asterisk SIP Invalid Response Code Denial of Service (CVE-2007-1594)

Asterisk is an open source software implementation of a telephone private branch exchange. Like any PBX, it allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. Asterisk supports a wide ran...

7.8CVSS6.1AI score0.02617EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/09/02 12:0 a.m.26 views

Asterisk SIP Channel Driver DoS Vulnerability (AST-2009-005)

Asterisk is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk";...

7.8CVSS6.2AI score0.06521EPSS
Exploits1References11
Fedora
Fedora
added 2009/02/13 4:56 a.m.32 views

[SECURITY] Fedora 9 Update: dahdi-tools-2.0.0-1.fc9

DAHDI stands for Digium Asterisk Hardware Device Interface. This package contains the userspace tools to configure the DAHDI kernel modules. DAHDI is the replacement for Zaptel, which must be renamed due to trademark issues...

5CVSS3.1AI score0.02715EPSS
Exploits1
seebug.org
seebug.org
added 2009/01/11 12:0 a.m.43 views

Asterisk IAX2认证响应信息泄露漏洞

BUGTRAQ ID: 33174 CVECAN ID: CVE-2009-0041 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk IAX2在认证期间对用户不存在的情况和错误口令的情况提供了不同的响应,这允许攻击者通过扫描主机确定特定的用户。 Asterisk Asterisk 1.6.x Asterisk Asterisk 1.4.x Asterisk Asterisk 1.2.x Asterisk Business Edition C.2.x.x Asterisk Business Edition C.1.x.x Asterisk...

5CVSS0.4AI score0.02715EPSS
Exploits1
seebug.org
seebug.org
added 2008/03/21 12:0 a.m.62 views

Asterisk绕过呼叫认证漏洞

BUGTRAQ ID: 28310 CVECAN ID: CVE-2008-1332 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk在处理呼叫选项时存在漏洞,远程攻击者可能利用此漏洞执行非授权操作。 远程攻击者可以通过SIP通道驱动使用无效的From头执行非授权呼叫,这种操作类似于SIP配置选项allowguest=yes,也就是带有特制From头的呼叫会发送给sip.conf的通用部分所指定环境中的PBX。 Asterisk Asterisk 1.4.x Asterisk Asterisk 1.2.x Asterisk Asterisk 1.0....

8.8CVSS1.1AI score0.02327EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2007/07/10 12:0 a.m.21 views

Preemptive Protection against Digium Asterisk SIP Invalid Response Code Denial of Service Vulnerability

A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP VOIP protocols, including SIP. SIP Session Initiation Protocol is a protocol that can establish, modify, and terminate numerous multimed...

7.8CVSS6.2AI score0.02617EPSS
Exploits0
seebug.org
seebug.org
added 2007/04/27 12:0 a.m.61 views

Asterisk SIP T.38 SDP解析远程栈溢出漏洞

Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk的SIP/SDP处理器中存在多个远程栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 如果所发送SIP报文中的SDP数据包含有超长的T38参数的话,就可以触发这个溢出,导致执行任意代码。这个漏洞是由chansip.c文件中的processsdp函数调用sscanf所导致的: else if sscanfa, "T38FaxRateManagement:%s", s == 1 found = 1; if optiondebug 2 astlogLOGDEBUG...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/03/22 12:0 a.m.30 views

Two new DoS Vulnerabilities in Asterisk Fixed

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Digium have released fixes for two new DoS vulnerabilities in Asterisk today. Excerpt from 1.2.17: Along with minor bug fixes, this release incorporates a fix for the SIP DoS vulnerability recently discovered by INRIA Lorraine:...

0.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/10/19 12:0 a.m.111 views

Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow

The chanskinny channel driver included in the version of Asterisk running on the remote host does not properly validate the length header in incoming packets. An unauthenticated, remote attacker may be able to leverage this flaw to execute code on the affected host subject to the privileges under...

7.5CVSS5.9AI score0.84962EPSS
Exploits1References3
Rows per page
Query Builder