AST-2009-007: ACL not respected on SIP INVITE

Asterisk Project Security Advisory - AST-2009-007 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | ACL not respected on SIP INVITE |...

Cross site request forgery (csrf)

ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service crash via a SIP INVITE request with an empty Call-Info header...

CVE-2009-3704

ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service crash via a SIP INVITE request with an empty Call-Info header...

CVE-2009-3704

ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service crash via a SIP INVITE request with an empty Call-Info header...

Pidgin: NULL pointer dereference by processing incomplete MSN SLP invite (DoS)

The msnslpsiprecv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an SLP invite message that lacks certain required fields, as...

Pidgin Multiple Denial Of Service Vulnerabilities (Windows)

This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities. Vulnerabilities Insight: - An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string....

Null pointer dereference

The msnslpsiprecv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an SLP invite message that lacks certain required fields, as...

CVE-2009-3083

The msnslpsiprecv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an SLP invite message that lacks certain required fields, as...

DEBIAN-CVE-2009-3083

The msnslpsiprecv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an SLP invite message that lacks certain required fields, as...

CVE-2009-2051

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager aka CUCM, formerly CallManager 4.x, 5.x before 5.13g, 6.x before 6.14, and 7.x before 7.12 allow remote attackers to cause a denial of service device reload or...

Code injection

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager aka CUCM, formerly CallManager 4.x, 5.x before 5.13g, 6.x before 6.14, and 7.x before 7.12 allow remote attackers to cause a denial of service device reload or...

CVE-2009-2051

Summary: CVE-2009-2051 affects Cisco IOS (12.2–12.4, 15.0–15.1), Cisco IOS XE 2.5.x–2.6.x before 2.6.1, and CUCM 4.x–7.x, enabling remote attackers to trigger a DoS (device reload/voice-services outage) via a malformed SIP INVITE that calls sipSafeStrlen and overflows into a crash. The issue is d...

CVE-2009-2051

Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager aka CUCM, formerly CallManager 4.x, 5.x before 5.13g, 6.x before 6.14, and 7.x before 7.12 allow remote attackers to cause a denial of service device reload or...

Asterisk Pedantic模式SIP信道驱动INVITE头拒绝服务漏洞

BUGTRAQ ID: 34070 CVECAN ID: CVE-2009-0871 Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 如果配置pedantic=yes的话，SIP信道驱动会对SIP回溯所接收到的INVITE执行额外的请求URI检查，检查中会对所发送的出站SIP INVITE头与接收到的SIP INVITE头做比较，检查代码假设所有情况下的每个头都不会为空，而实际上如果没有头的话，传送的值会为空，这可能在 sipuriparamscmp和sipuriheaderscmp函数中触发空指针引用。远程攻击者可以通过发送畸形的...

CVE-2009-0871

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service crash via a SIP INVITE request without...

Null pointer dereference

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service crash via a SIP INVITE request without...

Asterisk VoIP server DoS

NULL pointer dereference on empty SIP INVITE header...

msoffice-dos.txt

!usr/bin/perl -w Microsoft Communicator allows remote attackers to cause a denial of service memory consumption via a large number of SIP INVITE requests, which trigger the creation of many sessions. Refer: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5180...

Microsoft Office Communicator (SIP) Remote Denial of Service Exploit

Exploit for unknown platform in category dos / poc ==================================================================== Microsoft Office Communicator SIP Remote Denial of Service Exploit ==================================================================== !usr/bin/perl -w Microsoft Communicator...

Microsoft Office - Communicator SIP Remote Denial of Service

Microsoft Office - Communicator SIP Remote Denial of Service !usr/bin/perl -w Microsoft Communicator allows remote attackers to cause a denial of service memory consumption via a large number of SIP INVITE requests, which trigger the creation of many sessions. Refer:...