12 matches found
EUVD-2011-2519
Malware in sbrugna...
asterisk -- Crash in PJSIP resource when missing a contact header
The Asterisk project reports: A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is...
CVE-2013-5642
The SIP channel driver channels/chansip.c in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote...
Asterisk Detection
One or more Asterisk SIP services are listening on the remote host. This is an indication that Asterisk PBX is running on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid63202; scriptversion"1.7"; scriptsetattributeattribute:"pluginmodificationdate",...
Asterisk SIP processing security vulnerabilities
DoS, information leakage...
CVE-2011-2536
chansip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending o...
Asterisk buffer overflow
Buffer overflow in SIP Caller ID...
Asterisk 1.2.x - SIP channel driver in pedantic mode Remote Crash
Asterisk 1.2.x - SIP channel driver in pedantic mode Remote Crash !/usr/bin/perl -w asterisk AST-2008-008 by [email protected] AST-2008-008 - Remote Crash Vulnerability in SIP channel driver when run in pedantic mode use Getopt::Std; use IO::Socket; use strict; my %args; getopts"h:p:",...
Asterisk SIP Also transfer DoS
NULL pointer dereference on BYE message parsing...
CVE-2007-4455
The SIP channel driver chansip in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i Asterisk Appliance 1.x before 1.0.3 allows remote attackers to cause a denial of service memory exhaustion via a SIP dialog that cause...
CVE-2007-1306
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service crash by sending a Session Initiation Protocol SIP packet without a URI and SIP-version header, which results in a NULL pointer dereference...
DEBIAN-CVE-2003-0761
Buffer overflow in the getmsgtext of chansip.c in the Session Initiation Protocol SIP protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain 1 MESSAGE or 2 INFO requests...