New User, Welcome!     Login

<< Previous

Asterisk Business Edition

ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver

   |                            |             | 1.2.22                      |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | 1.4.5, 1.4.6, 1.4.7,        |
   |                            |             | 1.4.7.1, 1.4.8              |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    A.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    B.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |        AsteriskNOW         | pre-release | beta6                       |
   |----------------------------+-------------+-----------------------------|

AST-2007-025 - SQL Injection issue in res_config_pgsql

   |     Asterisk Open Source     |    1.2.x    | None                      |
   |------------------------------+-------------+---------------------------|
   |     Asterisk Open Source     |    1.4.x    | 1.4.14 and previous       |
   |                              |             | versions                  |
   |------------------------------+-------------+---------------------------|
   |  Asterisk Business Edition   |    A.x.x    | None                      |
   |------------------------------+-------------+---------------------------|
   |  Asterisk Business Edition   |    B.x.x    | None                      |
   |------------------------------+-------------+---------------------------|
   |         AsteriskNOW          | pre-release | None                      |
   |------------------------------+-------------+---------------------------|

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

                               Affected Versions
                 Product               Release Series  
          Asterisk Open Source            1.6.2.x      All versions           
          Asterisk Open Source             1.8.x       All versions           
          Asterisk Open Source              10.x       All versions           
        Asterisk Business Edition          C.3.x       All versions           

                                  Corrected In
                  Product                              Release                
           Asterisk Open Source              1.6.2.24, 1.8.11.1, 10.3.1       
         Asterisk Business Edition                     C.3.7.4

AST-2011-005: File Descriptor Resource Exhaustion

                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source           1.6.1.x     All versions              
         Asterisk Open Source           1.6.2.x     All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              

                                  Corrected In
              Product                               Release                   
        Asterisk Open Source        1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3   
     Asterisk Business Edition                      C.3.6.4

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |       Asterisk Open Source       |    1.2.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.4.x    | All versions prior to |
    |                                  |             | 1.4.13                |
    |----------------------------------+-------------+-----------------------|
    |    Asterisk Business Edition     |    A.x.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |    Asterisk Business Edition     |    B.x.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |           AsteriskNOW            | pre-release | Unaffected            |
    |----------------------------------+-------------+-----------------------|

AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |    1.6.2.x     | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.8.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     C.3.x      | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2010-002: Dialplan injection vulnerability

   |------------------------------+----------------+------------------------|
   |     Asterisk Open Source     |     1.4.x      | All versions           |
   |------------------------------+----------------+------------------------|
   |     Asterisk Open Source     |     1.6.x      | All versions           |
   |------------------------------+----------------+------------------------|
   |  Asterisk Business Edition   |     B.x.x      | All versions           |
   |------------------------------+----------------+------------------------|
   |  Asterisk Business Edition   |     C.x.x      | All versions           |
   |------------------------------+----------------+------------------------|
   |          Switchvox           |      None      | No versions affected   |
   +------------------------------------------------------------------------+

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.11                |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions prior to |
   |                                  |             | beta7                 |

AST-2011-006: Asterisk Manager User Shell Access

                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source           1.6.1.x     All versions              
         Asterisk Open Source           1.6.2.x     All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              

                                  Corrected In
              Product                               Release                   
        Asterisk Open Source        1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3   
     Asterisk Business Edition                      C.3.6.4

AST-2011-001: Stack buffer overflow in SIP channel driver

                Product              Release Series 
         Asterisk Open Source            1.2.x      All versions              
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              

                                  Corrected In
            Product                              Release

AST-2010-001: T.38 Remote Crash Vulnerability

   |------------------------------------------------------------------------|
   |             Product              | Release Series |                    |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |      C.3       | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
<<Previous

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!