693 matches found
CVE-2015-1558
Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs...
Asterisk chan_pjsip Incompatible Codecs DoS (AST-2015-001)
According to its SIP banner, the version of Asterisk running on the remote host has a flaw in which it fails to reclaim allocated RTP ports whenever a connection is made to an authenticated endpoint whose SDP offers only codecs that are not allowed by Asterisk. An attacker could exploit this...
AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk Project Security Advisory - AST-2015-001 Product Asterisk Summary File descriptor leak when incompatible codecs are offered Nature of Advisory Resource exhaustion Susceptibility Remote Authenticated Sessions Severity Major Exploits Known No Reported On 6 January, 2015 Reported By Y Ateya...
FreeBSD : asterisk -- File descriptor leak when incompatible codecs are offered (2eeb6652-a7a6-11e4-96ba-001999f8d30b)
The Asterisk project reports: Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP...
Asterisk PJSIP Multiple Vulnerabilities (AST-2014-013 / AST-2014-015 / AST-2014-016)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities in the PJSIP channel driver: - A security bypass vulnerability exists due to a flaw in the 'res_pjsip_acl' module which may allow a remote attacke...
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to ...
DEBIAN-CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to ...
CVE-2014-8413
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules...
Design/Logic Flaw
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to ...
Design/Logic Flaw
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules...
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to ...
CVE-2014-8413
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules...
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to ...
CVE-2014-8416
CVE-2014-8416 is a use-after-free vulnerability in Asterisk’s PJSIP channel driver (res_pjsip_refer). The issue allows a remote attacker to crash the application via an in-dialog INVITE with a Replaces message, causing the channel to hang up. Affected products/versions stated: Asterisk Open Sourc...
CVE-2014-8416
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to ...
CVE-2014-8413
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules...
AST-2014-013: PJSIP ACLs are not loaded on startup
Asterisk Project Security Advisory - AST-2014-013 Product Asterisk Summary PJSIP ACLs are not loaded on startup Nature of Advisory Unauthorized Access Susceptibility Remote unauthenticated sessions Severity Moderate Exploits Known No Reported On 28 October, 2014 Reported By Jonathan Rose Posted O...
AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver
Asterisk Project Security Advisory - AST-2014-015 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 30 October 2014 Reported By Yaron Nahum...
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver
Asterisk Project Security Advisory - AST-2014-015 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 30 October 2014 Reported By Yaron Nahum...
Asterisk PJSIP Channel Driver DoS (AST-2014-009)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability in the PJSIP channel driver. This is due to a flaw in the 'res_pjsip_pubsub' module. The issue is triggered when handling a SIP SUBSCRIBE reque...