186 matches found
asterisk -- DOS Vulnerability in Asterisk chan_skinny
The Asterisk project reports: If the chanskinny AKA SCCP protocol channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind...
Asterisk 13.17.2~dfsg-2 Memory Exhaustion
Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: Nov, 15 2017 Found this and more exploits on my open source security project: http://www.exploitpack.com Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory...
Digium Asterisk chan_skinny SCCP packet Denial of Service
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chanskinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted SCCP packet to a vulnerable Asterisk server...
CVE-2017-9358
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...
Privilege escalation
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...
CVE-2017-9358
CVE-2017-9358 describes a memory exhaustion vulnerability in Asterisk Open Source. Affected versions are Asterisk Open Source 13.x before 13.15.1, 14.x before 14.4.1, and Certified Asterisk 13.13 before 13.13-cert4. The issue is triggered by specially crafted SCCP packets that cause an infinite l...
CVE-2017-9358
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...
CVE-2017-9358
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...
FreeBSD : asterisk -- Memory exhaustion on short SCCP packets (fab87bff-3ce5-11e7-bf9d-001999f8d30b)
The Asterisk project reports : A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with 'chanskinny' enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packe...
asterisk -- Memory exhaustion on short SCCP packets
The Asterisk project reports: A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with "chanskinny" enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet...
Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified DoS
No description provided by source. source: http://www.securityfocus.com/bid/28485/info Wireshark is prone to multiple denial-of-service vulnerabilities. Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to...
FreeBSD Ports: asterisk10
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-009)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP Skinny ID and closes a connection when...
Fedora 17 : asterisk-10.5.1-1.fc17 (2012-9537)
The Asterisk Development Team has announced a security release for Asterisk 10. This security release is released as version 10.5.1. The release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 10.5.1 resolves the followi...
Null pointer dereference
chanskinny.c in the Skinny aka SCCP channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related...
AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...
Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP Skinny ID and closes a connection when...
AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 22, 2012 Reported By Christoph Hebeisen...
CVE-2012-0361
The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...
Code injection
The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...