Exploits Known

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | March 11, 2008                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Mu Security Research Team                         |
   |--------------------+---------------------------------------------------|

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 9, 2007                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Jon Moldenauer (bugs.digium.com user              |
   |                    | jmoldenhauer)                                     |
   |--------------------+---------------------------------------------------|

AST-2009-008: SIP responses expose valid usernames

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Unauthenticated Sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Minor                                           |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | October 26, 2009                                |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Patrik Karlsson <patrik AT cqure DOT net>       |
   |----------------------+-------------------------------------------------|

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

          Product         Asterisk                                            
          Summary         Asterisk Manager User Unauthorized Shell Access     
     Nature of Advisory   Permission Escalation                               
       Susceptibility     Remote Authenticated Sessions                       
          Severity        Minor                                               
       Exploits Known     No                                                  
        Reported On       February 23, 2011                                   
        Reported By       David Woolley                                       
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Jonathan Rose < jrose AT digium DOT com >           

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

          Product         Asterisk                                            
          Summary         Remote Crash Vulnerability in SIP Channel Driver    
     Nature of Advisory   Remote Crash                                        
       Susceptibility     Remote Authenticated Sessions                       
          Severity        Moderate                                            
       Exploits Known     No                                                  
        Reported On       April 16, 2012                                      
        Reported By       Thomas Arimont                                      
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           

AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    |--------------------+---------------------------------------------------|
    |   Susceptibility   | Local sessions                                    |
    |--------------------+---------------------------------------------------|
    |      Severity      | None                                              |
    |--------------------+---------------------------------------------------|
    |   Exploits Known   | None                                              |
    |--------------------+---------------------------------------------------|
    |    Reported On     | October 31, 2007                                  |
    |--------------------+---------------------------------------------------|
    |    Reported By     | Michael Bucko <michael DOT bucko AT eleytt DOT    |
    |                    | com>                                              |
    |--------------------+---------------------------------------------------|

AST-2011-005: File Descriptor Resource Exhaustion

        Summary       File Descriptor Resource Exhaustion                     
   Nature of Advisory Denial of Service                                       
     Susceptibility   Remote Unauthenticated TCP Based Sessions (TCP SIP,     
                      Skinny, Asterisk Manager Interface, and HTTP sessions)  
        Severity      Moderate                                                
     Exploits Known   Yes                                                     
      Reported On     March 18, 2011                                          
      Reported By     Tzafrir Cohen < tzafrir.cohen AT xorcom DOT com >       
       Posted On      April 21, 2011                                          
    Last Updated On   April 21, 2011                                          
    Advisory Contact  Matthew Nicholson <mnicholson@digium.com>               

AST-2011-007

   |---------------------+--------------------------------------------------|
   |   Susceptibility    | Remote Authenticated Sessions                    |
   |---------------------+--------------------------------------------------|
   |      Severity       | Moderate                                         |
   |---------------------+--------------------------------------------------|
   |   Exploits Known    | No                                               |
   |---------------------+--------------------------------------------------|
   |     Reported On     | May 23, 2011                                     |
   |---------------------+--------------------------------------------------|
   |     Reported By     | Jonathan Rose jrose@digium.com                   |
   |---------------------+--------------------------------------------------|

AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

         Summary        Remote Crash Vulnerability in Milliwatt Application   
    Nature of Advisory  Exploitable Stack Buffer Overflow with locally        
                        defined data                                          
      Susceptibility    Remote Unauthenticated Sessions                       
         Severity       Minor                                                 
      Exploits Known    No                                                    
       Reported On      03/14/2012                                            
       Reported By      Russell Bryant                                        
        Posted On       03/15/2012                                            
     Last Updated On    March 15, 2012                                        
     Advisory Contact   Matt Jordan <mjordan AT digium DOT com>               

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   |---------------------+--------------------------------------------------|
   |   Susceptibility    | Remote Unauthenticated Sessions                  |
   |---------------------+--------------------------------------------------|
   |      Severity       | Critical in 1.6.1; minor in lesser versions      |
   |---------------------+--------------------------------------------------|
   |   Exploits Known    | No                                               |
   |---------------------+--------------------------------------------------|
   |     Reported On     | July 28, 2009                                    |
   |---------------------+--------------------------------------------------|
   |     Reported By     | Nick Baggott < nbaggott AT mudynamics DOT com >  |
   |---------------------+--------------------------------------------------|

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |---------------------+--------------------------------------------------|
   |   Susceptibility    | Remote Authenticated Sessions                    |
   |---------------------+--------------------------------------------------|
   |      Severity       | Moderate                                         |
   |---------------------+--------------------------------------------------|
   |   Exploits Known    | No                                               |
   |---------------------+--------------------------------------------------|
   |     Reported On     | February 6, 2009                                 |
   |---------------------+--------------------------------------------------|
   |     Reported By     | bugs.digium.com user klaus3000                   |
   |---------------------+--------------------------------------------------|

AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

         Summary        Remote crash possibility with SIP and the “automon”   
                        feature enabled                                       
    Nature of Advisory  Remote crash vulnerability in a feature that is       
                        disabled by default                                   
      Susceptibility    Remote unauthenticated sessions                       
         Severity       Moderate                                              
      Exploits Known    Yes                                                   
       Reported On      November 2, 2011                                      
       Reported By      Kristijan Vrban                                       
        Posted On       2011-11-03                                            
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

         Summary        Possible remote enumeration of SIP endpoints with     
                        differing NAT settings                                
    Nature of Advisory  Unauthorized data disclosure                          
      Susceptibility    Remote unauthenticated sessions                       
         Severity       Minor                                                 
      Exploits Known    Yes                                                   
       Reported On      2011-07-18                                            
       Reported By      Ben Williams                                          
        Posted On       
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     

AST-2011-012: Remote crash vulnerability in SIP channel driver

          Product         Asterisk                                            
          Summary         Remote crash vulnerability in SIP channel driver    
     Nature of Advisory   Remote crash                                        
       Susceptibility     Remote authenticated sessions                       
          Severity        Critical                                            
       Exploits Known     No                                                  
        Reported On       October 4, 2011                                     
        Reported By       Ehsan Foroughi                                      
         Posted On        October 17, 2011                                    
      Last Updated On     October 17, 2011                                    
      Advisory Contact    Terry Wilson <twilson@digium.com>                   

AST-2009-007: ACL not respected on SIP INVITE

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthorized session                       |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 18, 2009                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Thomas Athineou <thom_winkler AT web DOT de>      |
   |--------------------+---------------------------------------------------|

AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Minor                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | Yes                                               |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 16, 2007                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Humberto Abdelnur <humberto.abdelnur AT loria DOT |
   |                    | fr>                                               |
   |--------------------+---------------------------------------------------|

AST-2008-001: Crash from transfer using BYE with Also header

    |---------------------+--------------------------------------------------|
    |   Susceptibility    | Remote Unauthenticated Sessions                  |
    |---------------------+--------------------------------------------------|
    |      Severity       | Critical                                         |
    |---------------------+--------------------------------------------------|
    |   Exploits Known    | No                                               |
    |---------------------+--------------------------------------------------|
    |     Reported On     | December 26, 2007                                |
    |---------------------+--------------------------------------------------|
    |     Reported By     | Grey VoIP (bugs.digium.com user greyvoip)        |
    |---------------------+--------------------------------------------------|

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 30, 2007                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tilghman Lesher <tlesher AT digium DOT com>       |
   |--------------------+---------------------------------------------------|

AST-2010-001: T.38 Remote Crash Vulnerability

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Critical                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 12/03/09                                        |
   |----------------------+-------------------------------------------------|
   |     Reported By      | issues.asterisk.org users bklang and elsto      |
   |----------------------+-------------------------------------------------|

AST-2011-006: Asterisk Manager User Shell Access

         Product        Asterisk                                              
         Summary        Asterisk Manager User Shell Access                    
    Nature of Advisory  Permission Escalation                                 
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Minor                                                 
      Exploits Known    Yes                                                   
       Reported On      February 10, 2011                                     
       Reported By      Mark Murawski <markm AT intellasoft DOT net>          
        Posted On       April 21, 2011                                        
     Last Updated On    April 21, 2011                                        
     Advisory Contact   Matthew Nicholson <mnicholson@digium.com>             

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Major                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 29, 2008                                      |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tzafrir Cohen <tzafrir DOT cohen AT xorcom DOT    |
   |                    | com>                                              |
   |--------------------+---------------------------------------------------|

AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

          Product         Asterisk                                            
          Summary         Heap Buffer Overflow in Skinny Channel Driver       
     Nature of Advisory   Exploitable Heap Buffer Overflow                    
       Susceptibility     Remote Authenticated Sessions                       
          Severity        Minor                                               
       Exploits Known     No                                                  
        Reported On       March 26, 2012                                      
        Reported By       Russell Bryant                                      
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
