10 matches found
EUVD-2017-5611
Malware in sbrugna...
CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
Design/Logic Flaw
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
CVE-2017-14099
CVE-2017-14099 affects Asterisk 11.x (before 11.25.2), 13.x (before 13.17.1) and 14.x (before 14.6.1), including Certified Asterisk, with unauthorized data disclosure via RTP media hijacking when strict RTP, NAT, and symmetric RTP are combined. Root cause: changes to strict RTP handling allowed l...
CVE-2017-14099
In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure media takeover in the RTP stack is possible with careful timing by an attacker. The...
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...
AST-2009-004: Remote Crash Vulnerability in RTP stack
Asterisk Project Security Advisory - AST-2009-004 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote Crash Vulnerability in RTP stack |...
ASA-2007-017: Remote Crash Vulnerability in STUN implementation
Asterisk Project Security Advisory - ASA-2007-017 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote Crash Vulnerability in STUN implementation |...