16 matches found
Debian DLA-1225-1 : asterisk security update
A vulnerability has been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in resource exhaustion and denial of service. CVE-2017-17090: memory leak from chan_skinny. If the chan_skinny AKA SCCP protocol channel driver is flooded with certain requests it can cause t...
Asterisk DoS Vulnerability
Asterisk is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk"; if...
Code injection
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny aka SCCP protocol channel driver is flooded with certain requests, it can cause the asterisk process to use...
CVE-2017-17090
CVE-2017-17090 affects the chan_skinny (SCCP) driver in Asterisk, where flooding the channel driver with certain requests can exhaust VM memory and cause the process to stop handling requests. Public details include both exploitation references (Exploit-DB entry for 13.17.2) and multiple vendor a...
asterisk -- DOS Vulnerability in Asterisk chan_skinny
The Asterisk project reports: If the chan_skinny AKA SCCP protocol channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind...
FreeBSD : asterisk -- Memory exhaustion on short SCCP packets (fab87bff-3ce5-11e7-bf9d-001999f8d30b)
The Asterisk project reports: A remote memory exhaustion can be triggered by sending an SCCP packet to Asterisk system with 'chan_skinny' enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packe...
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 chan_skinny Remote Denial of Service
No description provided by source. / AstKilla2.c gcc -o astkilla2 astkilla2.c ./astkilla2 -h 216.246.. In no event will the author of this source be liable for any loss or damage of a material or immaterial nature arising from access to, use or non-use of published information, or from misuse of...
Asterisk <= 1.0.12 / 1.2.12.1 (chan_skinny) Remote Heap Overflow (PoC)
No description provided by source. !/usr/bin/perl Beyond Security Copyright Noam Rathaus The following proof of concept causes the chanskippy to crash in different locations and due to memory corruption as well as double free calls, this is based on the finding of...
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 chan_skinny Remote Denial of Service
No description provided by source. / AstKilla2.c gcc -o astkilla2 astkilla2.c ./astkilla2 -h 216.246.. In no event will the author of this source be liable for any loss or damage of a material or ...
CVE-2007-3764
CVE-2007-3764 affects the Skinny channel driver (chan_skinny) in Asterisk and related builds (Asterisk 1.2.x/1.4.x, Business Edition, AsteriskNOW, Appliance Developer Kit, s800i). The flaw is triggered by a crafted packet with an incorrect data length value, causing an
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service / AstKilla2.c gcc -o astkilla2 astkilla2.c ./astkilla2 -h 216.246.. In no event will the author of this source be liable for any loss or damage of a material or immaterial nature arising from access to, use or non-use of published...
Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service
/ AstKilla2.c gcc -o astkilla2 astkilla2.c ./astkilla2 -h 216.246.. In no event will the author of this source be liable for any loss or damage of a material or immaterial nature arising from access to, use or non-use of published information, or from misuse of the connection or technical faults...
Asterisk < 1.2.22 / 1.4.8 / 2.2.1 chan_skinny Remote Denial of Service
Exploit for multiple platform in category dos / poc ====================================================================== Asterisk include include include include include include include include define SKINNYTCPPORT 2000 define CLEN 1024 define SKINNYMAXSIZE 1000 define REGISTERMESSAGE 0x0001...
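Asterisk chan_skinny Remote Buffer Overflow Vulnerability
Asterisk is PBX software that runs on Linux and supports IP calls over the SIP, IAX and H323 protocols. The static int getinputstruct skinnysession s function in Asterisk's chanskinny.c does not correctly validate the user-supplied length in the packet header. A remote attacker can send a specially crafted packet to trigger a buffer overflow, leading to execution of arbitrary instructions. Vulnerable code at lines 2860-2870 of asterisk-1.2.12.1/channels/chanskinny.c: ---------------- res = reads-fd, s-inbuf, 4; // - integer...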
Asterisk <= 1.0.12 / 1.2.12.1 (chan_skinny) Remote Heap Overflow (PoC)
Exploit for multiple platform in category dos / poc ====================================================================== Asterisk The following proof of concept causes the chanskippy to crash in different locations and due to memory corruption as well as double free calls, this is based on the...
Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)
!/usr/bin/perl Beyond Security Copyright Noam Rathaus The following proof of concept causes the chanskippy to crash in different locations and due to memory corruption as well as double free calls, this is based on the finding of Security-Assessment.com, and proves that the vulnerability is indee...