Asterisk Project Security Advisory

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |                | https://issues.asterisk.org/view.php?id=12912         |
   |                | http://www.beyondsecurity.com/ssd.html                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-006.pdf and          |

AST-2007-025 - SQL Injection issue in res_config_pgsql

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-025.pdf and          |

AST-2009-008: SIP responses expose valid usernames

   +------------------------------------------------------------------------+
   |        Links         |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-008.pdf and          |

AST-2011-006: Asterisk Manager User Shell Access

   http://downloads.asterisk.org/pub/security/AST-2011-006-1.6.2.diff  1.6.2  
   http://downloads.asterisk.org/pub/security/AST-2011-006-1.8.diff    1.8    

          Links         

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-006.pdf and              

AST-2007-026 - SQL Injection issue in cdr_pgsql

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-026.pdf and          |

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

   http://downloads.asterisk.org/pub/security/AST-2012-004-1.8.diff   v1.8     
   http://downloads.asterisk.org/pub/security/AST-2012-004-10.diff    v10      

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-17465       

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2012-004.pdf and             

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

      commonly used setting for the respective version in Asterisk 1.4.43,    
                             1.6.2.21, and 1.8.7.2.                           

            Links          

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and             

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

   http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff v1.8      
   http://downloads.asterisk.org/pub/security/AST-2012-006-10.diff  v.10      

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-19770       

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2012-006.pdf and             

AST-2011-001: Stack buffer overflow in SIP channel driver

   http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff    1.4    
   http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff  1.6.1  
   http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff  1.6.2  
   http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff    1.8    

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-001.pdf and              

AST-2009-009: Cross-site AJAX request vulnerability

   +------------------------------------------------------------------------+
   |     Links      | https://issues.asterisk.org/view.php?id=16139         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-009.pdf and          |

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-027.pdf and          |

AST-2009-001: Information leak in IAX2 authentication

   +------------------------------------------------------------------------+
   |        Links        | http://code.google.com/p/iaxscan/                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-001.pdf and          |

AST-2010-001: T.38 Remote Crash Vulnerability

   |                |                                                       |
   |                | https://issues.asterisk.org/view.php?id=16517         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/.pdf and                      |

AST-2009-010: RTP Remote Crash Vulnerability

   +------------------------------------------------------------------------+
   |     Links      | https://issues.asterisk.org/view.php?id=16242         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-010.pdf and          |

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-009.pdf and          |

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   +------------------------------------------------------------------------+
   |      Links       | http://bugs.digium.com/view.php?id=12607            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-008.pdf and          |

AST-2011-012: Remote crash vulnerability in SIP channel driver

   http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8       
   http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff  10        

            Links          

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2011-012.pdf and             

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

   http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff  1.6.2  
   http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff    1.8    

          Links         

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-002.pdf and              

AST-2008-001: Crash from transfer using BYE with Also header

    +------------------------------------------------------------------------+
    |      Links       | http://bugs.digium.com/view.php?id=11637            |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Asterisk Project Security Advisories are posted at                     |
    | http://www.asterisk.org/security                                       |
    |                                                                        |
    | This document may be superseded by later versions; if so, the latest   |
    | version will be posted at                                              |
    | http://downloads.digium.com/pub/security/AST-2008-001.pdf and          |

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |                  |                                                     |
   |                  | http://bugs.digium.com/view.php?id=10418            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/AST-2007-020.pdf and               |

AST-2011-004:

   Links                                                                      

    

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-004.pdf and              

AST-2011-003:

   Links                                                                      

    

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-003.pdf and              

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.