
Reported By

ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | July 19, 2007                                     |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Russell Bryant, Digium, Inc. <russell@digium.com> |
   |--------------------+---------------------------------------------------|
   |     Posted On      | July 23, 2007                                     |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | July 25, 2007                                     |
   |--------------------+---------------------------------------------------|

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Wei Wang of McAfee AVERT Labs                     |
   |--------------------+---------------------------------------------------|
   |     Posted On      | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | March 11, 2008                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Mu Security Research Team                         |
   |--------------------+---------------------------------------------------|
   |     Posted On      | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

     Nature of Advisory   Remote Crash                                        
       Susceptibility     Remote Authenticated Sessions                       
          Severity        Moderate                                            
       Exploits Known     No                                                  
        Reported On       April 16, 2012                                      
        Reported By       Thomas Arimont                                      
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
          CVE Name        


AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

     Nature of Advisory   Exploitable Heap Buffer Overflow                    
       Susceptibility     Remote Authenticated Sessions                       
          Severity        Minor                                               
       Exploits Known     No                                                  
        Reported On       March 26, 2012                                      
        Reported By       Russell Bryant                                      
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
          CVE Name        


AST-2012-004: Asterisk Manager User Unauthorized Shell Access

     Nature of Advisory   Permission Escalation                               
       Susceptibility     Remote Authenticated Sessions                       
          Severity        Minor                                               
       Exploits Known     No                                                  
        Reported On       February 23, 2011                                   
        Reported By       David Woolley                                       
         Posted On        April 23, 2012                                      
      Last Updated On     April 23, 2012                                      
      Advisory Contact    Jonathan Rose < jrose AT digium DOT com >           
          CVE Name        


Cyberoam Unified Threat Management: OS Command Execution

V. Disclosure
~~~~~~~~~~~~~

Reported By: Saurabh Harit, Senior Security Analyst, SensePost

Discovery Date:         2011-11-01


VI. References

Cyberoam Unified Threat Management: Insecure Password Handling

V. Disclosure
~~~~~~~~~~~~~

Reported By: Saurabh Harit, Senior Security Analyst, SensePost

Discovery Date:         2011-11-01


VI. References

AST-2012-003: Stack Buffer Overflow in HTTP Manager

     Nature of Advisory   Exploitable Stack Buffer Overflow                   
       Susceptibility     Remote Unauthenticated Sessions                     
          Severity        Critical                                            
       Exploits Known     No                                                  
        Reported On       03/15/2012                                          
        Reported By       Russell Bryant                                      
         Posted On        03/15/2012                                          
      Last Updated On     March 15, 2012                                      
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
          CVE Name        


AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

                        defined data                                          
      Susceptibility    Remote Unauthenticated Sessions                       
         Severity       Minor                                                 
      Exploits Known    No                                                    
       Reported On      03/14/2012                                            
       Reported By      Russell Bryant                                        
        Posted On       03/15/2012                                            
     Last Updated On    March 15, 2012                                        
     Advisory Contact   Matt Jordan <mjordan AT digium DOT com>               
         CVE Name       


AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

                        disabled by default                                   
      Susceptibility    Remote unauthenticated sessions                       
         Severity       Moderate                                              
      Exploits Known    Yes                                                   
       Reported On      November 2, 2011                                      
       Reported By      Kristijan Vrban                                       
        Posted On       2011-11-03                                            
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     
         CVE Name       


AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

    Nature of Advisory  Unauthorized data disclosure                          
      Susceptibility    Remote unauthenticated sessions                       
         Severity       Minor                                                 
      Exploits Known    Yes                                                   
       Reported On      2011-07-18                                            
       Reported By      Ben Williams                                          
        Posted On       
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     
         CVE Name       


AST-2011-012: Remote crash vulnerability in SIP channel driver

     Nature of Advisory   Remote crash                                        
       Susceptibility     Remote authenticated sessions                       
          Severity        Critical                                            
       Exploits Known     No                                                  
        Reported On       October 4, 2011                                     
        Reported By       Ehsan Foroughi                                      
         Posted On        October 17, 2011                                    
      Last Updated On     October 17, 2011                                    
      Advisory Contact    Terry Wilson <twilson@digium.com>                   
          CVE Name        CVE-2011-4063                                       


AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | June 11, 2011                                     |
   |--------------------+---------------------------------------------------|
   |    Reported By     |                                                   |
   |--------------------+---------------------------------------------------|
   |     Posted On      | June 28, 2011                                     |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | June 28, 2011                                     |
   |--------------------+---------------------------------------------------|

AST-2011-007

   |---------------------+--------------------------------------------------|
   |   Exploits Known    | No                                               |
   |---------------------+--------------------------------------------------|
   |     Reported On     | May 23, 2011                                     |
   |---------------------+--------------------------------------------------|
   |     Reported By     | Jonathan Rose jrose@digium.com                   |
   |---------------------+--------------------------------------------------|
   |      Posted On      | June 02, 2011                                    |
   |---------------------+--------------------------------------------------|
   |   Last Updated On   | June 02, 2011                                    |
   |---------------------+--------------------------------------------------|

AST-2011-006: Asterisk Manager User Shell Access

    Nature of Advisory  Permission Escalation                                 
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Minor                                                 
      Exploits Known    Yes                                                   
       Reported On      February 10, 2011                                     
       Reported By      Mark Murawski <markm AT intellasoft DOT net>          
        Posted On       April 21, 2011                                        
     Last Updated On    April 21, 2011                                        
     Advisory Contact   Matthew Nicholson <mnicholson@digium.com>             
         CVE Name       


AST-2011-005: File Descriptor Resource Exhaustion

     Susceptibility   Remote Unauthenticated TCP Based Sessions (TCP SIP,     
                      Skinny, Asterisk Manager Interface, and HTTP sessions)  
        Severity      Moderate                                                
     Exploits Known   Yes                                                     
      Reported On     March 18, 2011                                          
      Reported By     Tzafrir Cohen < tzafrir.cohen AT xorcom DOT com >       
       Posted On      April 21, 2011                                          
    Last Updated On   April 21, 2011                                          
    Advisory Contact  Matthew Nicholson <mnicholson@digium.com>               
        CVE Name      CVE-2011-1507                                           


AST-2011-004:

   Nature of Advisory Denial of Service                                       
   Susceptibility     Remote Unauthenticated Sessions                         
   Severity           Critical                                                
   Exploits Known     No                                                      
   Reported On        March 1, 2011                                           
   Reported By        Blake Cornell <blake@remoteorigin.com> and Chris Maj          
                      <chris@penguinpbx.com>                                  
   Posted On          March 16, 2011                                          
   Last Updated On    March 14, 2011                                          
   Advisory Contact   Terry Wilson <twilson@digium.com>                       


AST-2011-003:

   Susceptibility     Remote Unauthenticated Sessions if manager interface is 
                      accessible                                              
   Severity           Moderate                                                
   Exploits Known     No                                                      
   Reported On        March 1, 2011                                           
   Reported By        Blake Cornell <blake@remoteorigin.com>
   Posted On          March 16, 2011                                          
   Last Updated On    March 14, 2011                                          
   Advisory Contact   Terry Wilson <twilson@digium.com>                       

    

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

   Nature of Advisory Exploitable Stack and Heap Array Overflows              
     Susceptibility   Remote Unauthenticated Sessions                         
        Severity      Critical                                                
     Exploits Known   No                                                      
      Reported On     January 27, 2011                                        
      Reported By     Matthew Nicholson                                       
       Posted On      February 21, 2011                                       
    Last Updated On   February 21, 2011                                       
    Advisory Contact  Matthew Nicholson <mnicholson@digium.com>               
        CVE Name      


AST-2011-001: Stack buffer overflow in SIP channel driver

    Nature of Advisory  Exploitable Stack Buffer Overflow                     
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Moderate                                              
      Exploits Known    No                                                    
       Reported On      January 11, 2011                                      
       Reported By      Matthew Nicholson                                     
        Posted On       January 18, 2011                                      
     Last Updated On    January 18, 2011                                      
     Advisory Contact   Matthew Nicholson <mnicholson@digium.com>             
         CVE Name       


AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | Yes                                               |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 16, 2007                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Humberto Abdelnur <humberto.abdelnur AT loria DOT |
   |                    | fr>                                               |
   |--------------------+---------------------------------------------------|
   |     Posted On      | October 16, 2007                                  |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | October 16, 2007                                  |
   |--------------------+---------------------------------------------------|

AST-2007-025 - SQL Injection issue in res_config_pgsql

   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |     Reported By      | P. Chisteas <p_christ AT hol DOT gr>            |
   |----------------------+-------------------------------------------------|
   |      Posted On       | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 29, 2007                               |
   |----------------------+-------------------------------------------------|

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 30, 2007                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tilghman Lesher <tlesher AT digium DOT com>       |
   |--------------------+---------------------------------------------------|
   |     Posted On      | December 18, 2007                                 |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | December 18, 2007                                 |
   |--------------------+---------------------------------------------------|

AST-2009-008: SIP responses expose valid usernames

   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | October 26, 2009                                |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Patrik Karlsson <patrik AT cqure DOT net>       |
   |----------------------+-------------------------------------------------|
   |      Posted On       | November 4, 2009                                |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 4, 2009                                |
   |----------------------+-------------------------------------------------|

AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | None specific to Asterisk, but OpenSSL exploits   |
   |                    | are circulating                                   |
   |--------------------+---------------------------------------------------|
   |    Reported On     | 13 May 2008                                       |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Luciano Bello                                     |
   |--------------------+---------------------------------------------------|
   |     Posted On      | May 16, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | May 22, 2008                                      |
   |--------------------+---------------------------------------------------|

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |--------------------+---------------------------------------------------|
    |   Exploits Known   | No                                                |
    |--------------------+---------------------------------------------------|
    |    Reported On     | October 9, 2007                                   |
    |--------------------+---------------------------------------------------|
    |    Reported By     | Russell Bryant <russell@digium.com>               |
    |                    |                                                   |
    |                    | Mark Michelson <mmichelson@digium.com>            |
    |--------------------+---------------------------------------------------|
    |     Posted On      | October 9, 2007                                   |
    |--------------------+---------------------------------------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 29, 2008                                      |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tzafrir Cohen <tzafrir DOT cohen AT xorcom DOT    |
   |                    | com>                                              |
   |--------------------+---------------------------------------------------|
   |     Posted On      | June 4, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | June 4, 2008                                      |
   |--------------------+---------------------------------------------------|

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 29, 2008                                      |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tzafrir Cohen <tzafrir DOT cohen AT xorcom DOT    |
   |                    | com>                                              |
   |--------------------+---------------------------------------------------|
   |     Posted On      | June 4, 2008                                      |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | June 4, 2008                                      |
   |--------------------+---------------------------------------------------|

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 8, 2008                                       |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Hooi Ng (bugs.digium.com user hooi)               |
   |--------------------+---------------------------------------------------|
   |     Posted On      | May 8, 2008                                       |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | June 3, 2008                                      |
   |--------------------+---------------------------------------------------|


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
