Lucene search
K

186 matches found

freebsd
freebsd
added 2017/11/30 12:0 a.m.26 views

asterisk -- DOS Vulnerability in Asterisk chan_skinny

The Asterisk project reports: If the chanskinny AKA SCCP protocol channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind...

7.5CVSS7.7AI score0.81511EPSS
Exploits4References1
packetstorm
packetstorm
added 2017/11/29 12:0 a.m.35 views

Asterisk 13.17.2~dfsg-2 Memory Exhaustion

Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: Nov, 15 2017 Found this and more exploits on my open source security project: http://www.exploitpack.com Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory...

0.4AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2017/06/11 12:0 a.m.3 views

Digium Asterisk chan_skinny SCCP packet Denial of Service

A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chanskinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted SCCP packet to a vulnerable Asterisk server...

4.1AI score
Exploits0
ubuntucve
ubuntucve
added 2017/06/02 5:29 a.m.21 views

CVE-2017-9358

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...

7.5CVSS7AI score0.02819EPSS
Exploits0References3
prion
prion
added 2017/06/02 5:29 a.m.17 views

Privilege escalation

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...

5CVSS6.9AI score0.02819EPSS
Exploits0References4Affected Software2
cve
cve
added 2017/06/02 5:4 a.m.65 views

CVE-2017-9358

CVE-2017-9358 describes a memory exhaustion vulnerability in Asterisk Open Source. Affected versions are Asterisk Open Source 13.x before 13.15.1, 14.x before 14.4.1, and Certified Asterisk 13.13 before 13.13-cert4. The issue is triggered by specially crafted SCCP packets that cause an infinite l...

7.5CVSS7.3AI score0.02819EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2017/06/02 5:4 a.m.25 views

CVE-2017-9358

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...

7.4AI score0.02819EPSS
Exploits0References4
debiancve
debiancve
added 2017/06/02 5:4 a.m.43 views

CVE-2017-9358

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion by message loggin...

7.5CVSS7.3AI score0.02819EPSS
Exploits0
nessus
nessus
added 2017/05/22 12:0 a.m.22 views

FreeBSD : asterisk -- Memory exhaustion on short SCCP packets (fab87bff-3ce5-11e7-bf9d-001999f8d30b)

The Asterisk project reports : A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with 'chanskinny' enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packe...

5.5AI score
Exploits0References2
freebsd
freebsd
added 2017/04/13 12:0 a.m.15 views

asterisk -- Memory exhaustion on short SCCP packets

The Asterisk project reports: A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with "chanskinny" enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet...

0.9AI score
Exploits0References1
seebug
seebug
added 2014/07/01 12:0 a.m.8 views

Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified DoS

No description provided by source. source: http://www.securityfocus.com/bid/28485/info Wireshark is prone to multiple denial-of-service vulnerabilities. Exploiting these issues may allow attackers to cause crashes and deny service to legitimate users of the application. Attackers may be able to...

7.1AI score
Exploits0
openvas
openvas
added 2012/08/10 12:0 a.m.27 views

FreeBSD Ports: asterisk10

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4CVSS6.3AI score0.01728EPSS
Exploits0References3
nessus
nessus
added 2012/06/26 12:0 a.m.48 views

Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-009)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP Skinny ID and closes a connection when...

4CVSS5.5AI score0.01728EPSS
Exploits0References2
nessus
nessus
added 2012/06/26 12:0 a.m.27 views

Fedora 17 : asterisk-10.5.1-1.fc17 (2012-9537)

The Asterisk Development Team has announced a security release for Asterisk 10. This security release is released as version 10.5.1. The release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 10.5.1 resolves the followi...

4CVSS5.6AI score0.01728EPSS
Exploits0References8
prion
prion
added 2012/06/19 8:55 p.m.20 views

Null pointer dereference

chanskinny.c in the Skinny aka SCCP channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related...

4CVSS6.4AI score0.02143EPSS
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2012/06/17 12:0 a.m.62 views

AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...

4CVSS0.6AI score0.01728EPSS
Exploits0
nessus
nessus
added 2012/06/14 12:0 a.m.26 views

Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP Skinny ID and closes a connection when...

4CVSS5.5AI score0.02143EPSS
Exploits0References3
securityvulns
securityvulns
added 2012/05/31 12:0 a.m.72 views

AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 22, 2012 Reported By Christoph Hebeisen...

4CVSS0.3AI score0.02143EPSS
Exploits0
nvd
nvd
added 2012/05/02 10:9 a.m.12 views

CVE-2012-0361

The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...

5CVSS6.5AI score0.01218EPSS
Exploits0References2
prion
prion
added 2012/05/02 10:9 a.m.11 views

Code injection

The sccp-protocol component in Cisco IP Communicator CIPC 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager CUCM, which allows remote attackers to cause a denial of service via vectors that trigger 1 on hook and 2 off hook messages, as demonstrated b...

5CVSS7.1AI score0.01218EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder