693 matches found
AST-2014-009: Remote crash based on malformed SIP subscription requests
Asterisk Project Security Advisory - AST-2014-009. Product: Asterisk. Summary: Remote crash based on malformed SIP subscription requests. Nature of Advisory: Remotely triggered crash of Asterisk. Susceptibility: Remote authenticated sessions. Severity: Major. Exploits Known: No. Reported On: 30 July, 2014...
FreeBSD : asterisk -- Remotely triggered crash (e60d9e65-3f6b-11e4-ad16-001999f8d30b)
The Asterisk project reports: When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module...
asterisk -- Remotely triggered crash
The Asterisk project reports: When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module...
CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
CVE-2014-4045
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device...
CVE-2014-4045
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device...
Design/Logic Flaw
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device...
Cross site request forgery (csrf)
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
CVE-2014-4048
CVE-2014-4048 affects the Asterisk Open Source PJSIP Channel Driver up to version 12.3.0. An attacker (remote, potentially after bypassing authentication per AST-2014-008) can terminate a subscription before it completes, triggering a SIP transaction timeout and causing a deadlock in the thread s...
CVE-2014-4045
The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device...
CVE-2014-4045
The CVE-2014-4045 issue affects Asterisk Open Source 12.x prior to 12.3.1, in the PJSIP channel driver's Publish/Subscribe framework. When sub_min_expiry is zero, an unsubscribe request from a not-subscribed endpoint can trigger an assertion and crash (remote DoS). The documented remediation is t...
CVE-2014-4048
The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout...
Asterisk PJSIP Channel Driver Multiple DoS Vulnerabilities (AST-2014-005 / AST-2014-008)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following denial of service vulnerabilities in the PJSIP channel driver: - A flaw exists in the publish/subscribe framework when an attempt to unsubscribe is made when...
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
Asterisk Project Security Advisory - AST-2014-005. Product: Asterisk. Summary: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework. Nature of Advisory: Denial of Service. Susceptibility: Remote Unauthenticated Sessions. Severity: Moderate. Exploits Known: No. Reported On: March 17, 2014. Reported...
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
Asterisk Project Security Advisory - AST-2014-008. Product: Asterisk. Summary: Denial of Service in PJSIP Channel Driver Subscriptions. Nature of Advisory: Denial of Service. Susceptibility: Remote authenticated sessions. Severity: Moderate. Exploits Known: No. Reported On: 28 May, 2014. Reported By: Mark...
CVE-2014-2288
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not...
CVE-2014-2289
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference...
CVE-2014-2288
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not...