1249 matches found
FreeBSD : Multiple implementations -- DoS via hash algorithm collision (91be81e7-3fea-11e1-afc7-2c4138874f7d)
oCERT reports : A variety of programming languages suffer from a denial-of-service DoS condition against storage functions of key/value pairs in hash data structures, the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. The issue finds particul...
chrony multiple security vulnerabilities
Traffic amplification, resources exhaustion...
NTP Monitor List Scanner
This module identifies NTP servers which permit "monlist" queries and obtains the recent clients list. The monlist feature allows remote attackers to cause a denial of service traffic amplification via spoofed requests. The more clients there are in the list, the greater the amplification. This...
DNS Server Spoofed Request Amplification DDoS
The remote DNS server answers to any request. It is possible to query the name servers NS of the root zone '.' and get an answer that is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack...
Fedora 9 : asterisk-1.6.0-0.19.beta9.fc9 (2008-6853)
Security fixes for CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 / AST-2008-011: AST-2008-010: Asterisk IAX 'POKE' resource exhaustion - http://downloads.digium.com/pub/security/AST-2008-010.html AST-2008-011: Traffic amplification in IAX2 firmware provisioning system -...
Server side request forgery (ssrf)
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...
CVE-2008-3264
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...
CVE-2008-3264
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...
CVE-2008-3264
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...
CVE-2008-3264
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...
Asterisk multiple security vulnerabilities
Traffic amplification, DoS with resouurces exhaustion...
Fedora 8 : asterisk-1.4.21.2-1.fc8 (2008-6676)
Update to 1.4.21.2 to fix CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 / AST-2008-011. AST-2008-010: Asterisk IAX 'POKE' resource exhaustion - http://downloads.digium.com/pub/security/AST-2008-010.html AST-2008-011: Traffic amplification in IAX2 firmware provisioning system -...
Asterisk IAX2 FWDOWNL Request Spoofing Remote DoS
The firmware download protocol implemented in the version of Asterisk running on the remote host does not initiate a handshake. By spoofing an IAX2 FWDOWNL request, an unauthenticated, remote attacker may be able to leverage this issue to flood a third-party host with unwanted firmware packets fr...
Code injection
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service CPU consumption and network traffic amplification via a crafted SCTP packet...
CVE-2008-2090
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service CPU consumption and network traffic amplification via a crafted SCTP packet...
CVE-2008-2090
Affected software: Sun Solaris 10 (SCTP protocol implementation).Vulnerability: Unspecified SCTP handling could allow remote attackers to cause denial of service via crafted SCTP packets, leading to CPU consumption and network traffic amplification.Impact: CVSS base score 7.8 (HIGH) with network ...
Asterisk IAX2 Multiple Method Handshake Spoofing DoS
The version of Asterisk running on the remote host does not properly validate an IAX2 handshake. By spoofing NEW and ACK messages, an unauthenticated, remote attacker may be able to leverage this issue to flood a third-party host with packets from the affected host containing audio data. C Tenabl...
Asterisk IAX2报文放大远程拒绝服务漏洞
BUGTRAQ ID: 28901 CVECAN ID: CVE-2008-1897 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk在处理呼叫的机制上存在漏洞,远程攻击者可能利用此漏洞对第三方机器执行拒绝服务攻击。 IAX2协议允许ICNEW报文启动呼叫。ICNEW报文是18字节长的UDP报文,而呼叫可能非常长,包含有很多数据。由于UDP是可以伪造的,因此远程攻击者可以在IAX2握手期间欺骗IAX2握手,导致Asterisk服务器向目标发送大量数据,造成网络堵塞。 Asterisk Asterisk 1.4.x Asterisk Asterisk...
DEBIAN-CVE-2008-1897
The IAX2 channel driver chaniax2 in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow...
Code injection
The IAX2 channel driver chaniax2 in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service traffic...