22 matches found
EUVD-2014-8254
Malware in sbrugna...
Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE
Updated asterisk packages fix security vulnerabilities: In Asterisk Open Source 11.x before 11.12.1, when an out of call message, delivered by either the SIP or PJSIP channel driver or the XMPP stack, is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the...
Asterisk ConfBridge State Transitions DoS (AST-2014-014)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. This flaw exists due to improper handling of state transitions which could allow a remote attacker to crash the application. Note that Nessu...
Asterisk Multiple Vulnerabilities (AST-2014-012 / AST-2014-018)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities : - A security bypass vulnerability exists in the VoIP channel drivers, DUNDi, and Asterisk Manager Interface AMI components which may allow a...
Asterisk ConfBridge 'dialplan' Privilege Escalation (AST-2014-017)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a privilege escalation vulnerability in the ConfBridge 'dialplan' function that is triggered when executed from an external protocol. This could allow a remote, authenticated...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
DEBIAN-CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
DEBIAN-CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
Xxe
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
Design/Logic Flaw
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
CVE-2014-8417
CVE-2014-8417 affects Asterisk’s ConfBridge: remote authenticated users can escalate privileges via the external protocol to the CONFBRIDGE dialplan function or run arbitrary commands via a crafted ConfbridgeStartRecord AMI action. Affected: Asterisk 11.x pre-11.14.1, 12.x pre-12.7.1, 13.x pre-13...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions
Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On November 4, 2014 Report...
FreeBSD : asterisk -- Multiple vulnerabilities (7bfd797c-716d-11e4-b008-001999f8d30b)
The Asterisk project reports : AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)
Multiple vulnerabilities has been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations CVE-2014-6610. Asterisk Susceptibility to POODLE Vulnerability CVE-2014-3566. Mixed IP address families in access control lists may permit...