
Asterisk Addons

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

               Asterisk Project Security Advisory - AST-2008-009

   +------------------------------------------------------------------------+
   |      Product       | Asterisk-Addons                                   |
   |--------------------+---------------------------------------------------|
   |      Summary       | Remote crash vulnerability in ooh323 channel      |
   |                    | driver                                            |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Remote crash                                      |
   |--------------------+---------------------------------------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

               Asterisk Project Security Advisory - AST-2008-009

   +------------------------------------------------------------------------+
   |      Product       | Asterisk-Addons                                   |
   |--------------------+---------------------------------------------------|
   |      Summary       | Remote crash vulnerability in ooh323 channel      |
   |                    | driver                                            |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Remote crash                                      |
   |--------------------+---------------------------------------------------|

AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

               Asterisk Project Security Advisory - AST-2007-023

   +------------------------------------------------------------------------+
   |      Product       | Asterisk-Addons                                   |
   |--------------------+---------------------------------------------------|
   |      Summary       | SQL Injection Vulnerability in cdr_addon_mysql    |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | SQL Injection                                     |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   |                            |            | 1.6.0.12                     |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |  1.6.1.x   | All versions prior to        |
   |                            |            | 1.6.1.4                      |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.2.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.4.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |  1.6.0.x   | Not affected                 |
   |----------------------------+------------+------------------------------|

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All 1.6.0, 1.6.1 and 1.6.2      |
   |                            |         | releases                        |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2009-004: Remote Crash Vulnerability in RTP stack

   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.6.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|

AST-2009-008: SIP responses expose valid usernames

   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.1.x | All versions prior to 1.6.1.9   |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2009-009: Cross-site AJAX request vulnerability

   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.1.x | All versions prior to 1.6.1.9   |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2009-003: SIP responses expose valid usernames

   |                            |            | 1.4.24.1                     |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |  1.6.0.x   | All versions prior to        |
   |                            |            | 1.6.0.8                      |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.2.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.4.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.6.x    | Not affected                 |
   |----------------------------+------------+------------------------------|

AST-2009-007: ACL not respected on SIP INVITE

   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.6.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|

AST-2009-001: Information leak in IAX2 authentication

   |                            |         | 1.4.23-rc4                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All versions prior to           |
   |                            |         | 1.6.0.3-rc2                     |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.2.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|

AST-2008-012: Remote crash vulnerability in IAX2

   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.2.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.6   |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.1.x | All versions prior to           |
   |                            |         | 1.6.1.0-rc2                     |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.2.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |                                  |             | 1.2.30                |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.21.2              |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.4.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | All versions          |
   |----------------------------------+-------------+-----------------------|

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

   |                                  |             | 1.2.30                |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.21.2              |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.4.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | All versions          |
   |----------------------------------+-------------+-----------------------|



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
