10 matches found
Debian DSA-3700-1 : asterisk - security update
Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
Debian DLA-455-1 : asterisk security update
CVE-2014-6610 Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the resfaxspandsp module, allows remote authenticated users to cause a denial of service crash via an out of call message, which is not properly handled in the...
[SECURITY] [DLA 455-1] asterisk security update
Package : asterisk Version : 1:1.8.13.1dfsg1-3+deb7u4 CVE ID : CVE-2014-2286 CVE-2014-4046 CVE-2014-6610 CVE-2014-8412 CVE-2014-8418 CVE-2015-3008 Debian Bug : 741313 762164 771463 782411 CVE-2014-6610 Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6...
DLA-455-1 asterisk - security update
Bulletin has no description...
Mandriva Linux Security Advisory : asterisk (MDVSA-2015:206)
Updated asterisk packages fix security vulnerability : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null...
MGASA-2015-0153 Updated asterisk packages fix CVE-2015-3008
Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte...
Updated asterisk packages fix CVE-2015-3008
Updated asterisk packages fix security vulnerability: When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte...
AST-2015-003: TLS Certificate Common name NULL byte exploit
Asterisk Project Security Advisory - AST-2015-003 Product Asterisk Summary TLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack Susceptibility Remote Authenticated Sessions Severity Major Exploits Known None Reported On 12 January, 2015 Reported By Maciej...
CVE-2015-3008
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain nam...
CVE-2015-3008
CVE-2015-3008 affects Asterisk Open Source: 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, 13.x before 13.3.2, and Certified Asterisk equivalents (e.g., 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, 13.1 before 13.1-cert2). Root cause: improper handling of a null byte in the...