Asterisk Open Source

AST-2012-003: Stack Buffer Overflow in HTTP Manager

                "Corrected In" section, or apply a patch specified in the     
                "Patches" section.                                            

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source            1.8.x       All versions             
         Asterisk Open Source             10.x       All versions             

                                  Corrected In 
                     Product                              Release             
              Asterisk Open Source                       1.8.10.1             

ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |   Release   |                             |
   |                            |   Series    |                             |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.0.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.2.x    | 1.2.20, 1.2.21, 1.2.21.1,   |
   |                            |             | 1.2.22                      |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | 1.4.5, 1.4.6, 1.4.7,        |

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            |  Release   |                           |
   |                               |   Series   |                           |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.0.x    | All versions              |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.2.x    | All versions prior to     |
   |                               |            | 1.2.29                    |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.4.x    | Not Affected              |

AST-2011-012: Remote crash vulnerability in SIP channel driver

    Resolution  Ensure variables are initialized in all cases when parsing    
                the request.                                                  

                               Affected Versions
           Product         Release Series  
    Asterisk Open Source       1.8.x       All versions                       
    Asterisk Open Source        10.x       All versions (currently in beta)   

                                  Corrected In
                  Product                              Release                
            Asterisk Open Source                 1.8.7.1, 10.0.0-rc1          

AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

                "automon" feature can be disabled in features.conf as a       
                workaround.                                                   

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source           1.6.2.x      All versions             
         Asterisk Open Source            1.8.x       All versions             

                                  Corrected In
                   Product                              Release               
            Asterisk Open Source                   1.6.2.21, 1.8.7.2          

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

                setting the 'trustrpid' setting to False will prevent this    
                crash from occurring (default is False)                       

                               Affected Versions
                 Product               Release Series  
          Asterisk Open Source             1.8.x       All versions           
          Asterisk Open Source              10.x       All versions           
        Asterisk Business Edition          C.3.x       All versions           

                                  Corrected In
                    Product                              Release              

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.11                |

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All 1.6.0, 1.6.1 and 1.6.2      |
   |                            |         | releases                        |

AST-2010-002: Dialplan injection vulnerability

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |           Product            | Release Series |                        |
   |------------------------------+----------------+------------------------|
   |     Asterisk Open Source     |     1.2.x      | All versions           |
   |------------------------------+----------------+------------------------|
   |     Asterisk Open Source     |     1.4.x      | All versions           |
   |------------------------------+----------------+------------------------|
   |     Asterisk Open Source     |     1.6.x      | All versions           |
   |------------------------------+----------------+------------------------|

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.10                |

AST-2008-001: Crash from transfer using BYE with Also header

    |                           Affected Versions                            |
    |------------------------------------------------------------------------|
    |          Product           |   Release   |                             |
    |                            |   Series    |                             |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.0.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.2.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
    |                            |             | 1.4.17                      |

AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |       Product        |   Release   |                                   |
   |                      |   Series    |                                   |
   |----------------------+-------------+-----------------------------------|
   | Asterisk Open Source |    1.0.x    | All versions                      |
   |----------------------+-------------+-----------------------------------|
   | Asterisk Open Source |    1.2.x    | All versions prior to             |
   |                      |             | asterisk-addons-1.2.8             |
   |----------------------+-------------+-----------------------------------|
   | Asterisk Open Source |    1.4.x    | All versions prior to             |

AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |           Product            | Release |                               |
   |                              | Series  |                               |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.0.x  | All versions                  |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.2.x  | All versions prior to 1.2.27  |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.4.x  | All versions prior to         |
   |                              |         | 1.4.18.1 and 1.4.19-rc3       |

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

                                                                              
              noload => chan_ooh323                                           

                               Affected Versions
                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              


AST-2009-007: ACL not respected on SIP INVITE

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|

AST-2009-004: Remote Crash Vulnerability in RTP stack

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|

/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |              Product              | Release Series |                   |
   |-----------------------------------+----------------+-------------------|
   |       Asterisk Open Source        |     1.0.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |       Asterisk Open Source        |     1.2.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |       Asterisk Open Source        |     1.4.x      | N/A               |
   |-----------------------------------+----------------+-------------------|

AST-2011-007

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

                for NAT individually, but through the global setting in the   
                "general" context.                                            

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source             All        All versions             

                                  Corrected In                                
     As this is more of an issue with SIP over UDP in general, there is no    
     fix supplied other than documentation on how to avoid the problem. The   
        default NAT setting has been changed to what we believe the most      

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
