22 matches found
EUVD-2014-8254
Malware in sbrugna...
Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE
Updated asterisk packages fix security vulnerabilities: In Asterisk Open Source 11.x before 11.12.1, when an out of call message, delivered by either the SIP or PJSIP channel driver or the XMPP stack, is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the...
Asterisk ConfBridge State Transitions DoS (AST-2014-014)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. This flaw exists due to improper handling of state transitions which could allow a remote attacker to crash the application. Note that Nessu...
Asterisk ConfBridge 'dialplan' Privilege Escalation (AST-2014-017)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a privilege escalation vulnerability in the ConfBridge 'dialplan' function that is triggered when executed from an external protocol. This could allow a remote, authenticated...
Asterisk Multiple Vulnerabilities (AST-2014-012 / AST-2014-018)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities : - A security bypass vulnerability exists in the VoIP channel drivers, DUNDi, and Asterisk Manager Interface AMI components which may allow a...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
DEBIAN-CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
DEBIAN-CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
Design/Logic Flaw
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
Xxe
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8417
CVE-2014-8417 affects Asterisk’s ConfBridge: remote authenticated users can escalate privileges via the external protocol to the CONFBRIDGE dialplan function or run arbitrary commands via a crafted ConfbridgeStartRecord AMI action. Affected: Asterisk 11.x pre-11.14.1, 12.x pre-12.7.1, 13.x pre-13...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8414
ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service channel hang and memory consumption by causing transitions to be delayed, which triggers a state change from...
AST-2014-014: High call load may result in hung channels in ConfBridge.
Asterisk Project Security Advisory - AST-2014-014 Product Asterisk Summary High call load may result in hung channels in ConfBridge. Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On 19 October, 2014 Reported By Ben...
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions
Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On November 4, 2014 Report...
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)
Multiple vulnerabilities has been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations CVE-2014-6610. Asterisk Susceptibility to POODLE Vulnerability CVE-2014-3566. Mixed IP address families in access control lists may permit...