SUSE CVE-2020-14305

An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this...

Asterisk日志函数及管理器远程格式串处理漏洞

BUGTRAQ ID: 28311 CVECAN ID: CVE-2008-1333 Asterisk是开放源码的软件PBX，支持各种VoIP协议和设备。 Asterisk的日志和管理器功能实现上存在漏洞，远程攻击者可能利用此漏洞导致拒绝服务。 使用astverbose日志API调用所显示的日志消息没有显示为字符串，而是格式串；管理器命令command结果输出没有作为字符串附加到生成的响应消息中，而是附加为格式串。这两种情况都允许攻击者在输入中提交特意的格式串值导致崩溃。 Asterisk Asterisk 1.6.x Asterisk --------...

[Full-disclosure] CallManager and OpeSer toll fraud and authentication forward attack

MADYNES Security Advisory : SIP toll fraud and authentication forward attack Date of Discovery 5 May, 2007 Vendor1 Cisco was informed on 22 May 2007 Vendor 2 OpenSer, voice-systems was informed in 4 th October 2007 ID: KIPH11 Affected products CallManager: System version: 5.1.1.3000-5...

CORE-2006-0327: IAXclient truncated frames vulnerabilities

Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ IAXclient truncated frames vulnerabilities Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0327 Bugtraq ID: 18307 CVE Name: N/A Title: IAXclient truncated frames vulnerabilities Class:...