
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

      Exploits Known    Yes                                                   
       Reported On      2011-07-18                                            
       Reported By      Ben Williams                                          
        Posted On       
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     
         CVE Name       

    Description  It is possible to enumerate SIP usernames when the general   
                 and user/peer NAT settings differ in whether to respond to   
                 the port a request is sent from or the port listed for       

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |--------------------+---------------------------------------------------|
    |     Posted On      | October 9, 2007                                   |
    |--------------------+---------------------------------------------------|
    |  Last Updated On   | October 10, 2007                                  |
    |--------------------+---------------------------------------------------|
    |  Advisory Contact  | Mark Michelson <mmichelson@digium.com>            |
    |--------------------+---------------------------------------------------|
    |      CVE Name      |                                                   |
    +------------------------------------------------------------------------+

AST-2012-003: Stack Buffer Overflow in HTTP Manager

       Exploits Known     No                                                  
        Reported On       03/15/2012                                          
        Reported By       Russell Bryant                                      
         Posted On        03/15/2012                                          
      Last Updated On     March 15, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
          CVE Name        

    Description  An attacker attempting to connect to an HTTP session of the  
                 Asterisk Manager Interface can send an arbitrarily long      
                 string value for HTTP Digest Authentication. This causes a   

AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

      Exploits Known    No                                                    
       Reported On      03/14/2012                                            
       Reported By      Russell Bryant                                        
        Posted On       03/15/2012                                            
     Last Updated On    March 15, 2012                                        
     Advisory Contact   Matt Jordan <mjordan AT digium DOT com>               
         CVE Name       

    Description  An attacker can cause Asterisk to crash in one of two ways:  
                                                                              
                 1. A dialplan uses the Milliwatt application with 'o'        

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

       Exploits Known     No                                                  
        Reported On       April 16, 2012                                      
        Reported By       Thomas Arimont                                      
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
          CVE Name        

    Description  A remotely exploitable crash vulnerability exists in the     
                 SIP channel driver if a SIP UPDATE request is processed      
                 within a particular window of time. For this to occur, the   

AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |--------------------+---------------------------------------------------|
   |     Posted On      | May 16, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | May 22, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Mark Michelson < mmichelson AT digium DOT com >   |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-0166                                     |
   +------------------------------------------------------------------------+

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |--------------------+---------------------------------------------------|
   |     Posted On      | May 8, 2008                                       |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | June 3, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Joshua Colp <jcolp@digium.com>                    |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-2119                                     |
   +------------------------------------------------------------------------+

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |--------------------+---------------------------------------------------|
   |     Posted On      | December 18, 2007                                 |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | December 18, 2007                                 |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Tilghman Lesher <tlesher AT digium DOT com>       |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2007-6430                                     |
   +------------------------------------------------------------------------+

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |--------------------+---------------------------------------------------|
   |     Posted On      | September 3, 2009                                 |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | September 3, 2009                                 |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Russell Bryant < russell AT digium DOT com >      |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2009-2346                                     |
   +------------------------------------------------------------------------+

AST-2008-006 - 3-way handshake in IAX2 incomplete

   |--------------------+---------------------------------------------------|
   |     Posted On      | April 22, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | April 22, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Tilghman Lesher < tlesher AT digium DOT com >     |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-1897                                     |
   +------------------------------------------------------------------------+

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |---------------------+--------------------------------------------------|
   |      Posted On      | March 10, 2009                                   |
   |---------------------+--------------------------------------------------|
   |   Last Updated On   | March 10, 2009                                   |
   |---------------------+--------------------------------------------------|
   |  Advisory Contact   | Joshua Colp <jcolp@digium.com>                   |
   |---------------------+--------------------------------------------------|
   |      CVE Name       |                                                  |
   +------------------------------------------------------------------------+

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |--------------------+---------------------------------------------------|
   |     Posted On      | Feb 25, 2010                                      |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | February 25, 2010                                 |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Mark Michelson < mmichelson AT digium DOT com >   |
   |--------------------+---------------------------------------------------|
   |      CVE Name      |                                                   |
   +------------------------------------------------------------------------+

AST-2007-026 - SQL Injection issue in cdr_pgsql

   |----------------------+-------------------------------------------------|
   |      Posted On       | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Tilghman Lesher <tlesher AT digium DOT com>     |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |--------------------+---------------------------------------------------|
   |     Posted On      | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Jason Parker <jparker@digium.com>                 |
   |--------------------+---------------------------------------------------|
   |      CVE Name      |                                                   |
   +------------------------------------------------------------------------+

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |--------------------+---------------------------------------------------|
   |     Posted On      | June 4, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | June 4, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Mark Michelson <mmichelson AT digium DOT com>     |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-2543                                     |
   +------------------------------------------------------------------------+

AST-2007-025 - SQL Injection issue in res_config_pgsql

   |----------------------+-------------------------------------------------|
   |      Posted On       | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Tilghman Lesher <tlesher AT digium DOT com>     |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

AST-2008-004: Format String Vulnerability in Logger and Manager

   |--------------------+---------------------------------------------------|
   |     Posted On      | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Joshua Colp <jcolp@digium.com>                    |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-1333                                     |
   +------------------------------------------------------------------------+

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |--------------------+---------------------------------------------------|
   |     Posted On      | August 21, 2007                                   |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 21, 2007                                   |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Russell Bryant <russell@digium.com>               |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2007-4455                                     |
   +------------------------------------------------------------------------+

AST-2009-009: Cross-site AJAX request vulnerability

   |----------------------+-------------------------------------------------|
   |      Posted On       | November 4, 2009                                |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 4, 2009                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Joshua Colp <jcolp AT digium DOT com>           |
   |----------------------+-------------------------------------------------|
   |       CVE Name       | CVE-2008-7220                                   |
   +------------------------------------------------------------------------+

AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    |--------------------+---------------------------------------------------|
    |     Posted On      | October 31, 2007                                  |
    |--------------------+---------------------------------------------------|
    |  Last Updated On   | November 1, 2007                                  |
    |--------------------+---------------------------------------------------|
    |  Advisory Contact  | Mark Michelson <mmichelson AT digium DOT com>     |
    |--------------------+---------------------------------------------------|
    |      CVE Name      | CVE-2007-5690                                     |
    +------------------------------------------------------------------------+

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |--------------------+---------------------------------------------------|
   |     Posted On      | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Joshua Colp <jcolp@digium.com>                    |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-1289                                     |
   +------------------------------------------------------------------------+

AST-2008-001: Crash from transfer using BYE with Also header

    |---------------------+--------------------------------------------------|
    |      Posted On      | January 2, 2008                                  |
    |---------------------+--------------------------------------------------|
    |   Last Updated On   | January 2, 2008                                  |
    |---------------------+--------------------------------------------------|
    |  Advisory Contact   | Joshua Colp <jcolp@digium.com>                   |
    |---------------------+--------------------------------------------------|
    |      CVE Name       |                                                  |
    +------------------------------------------------------------------------+

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
