New User, Welcome!     Login

Next Page >>

Asterisk Appliance

AST-2008-005: HTTP Manager ID is predictable

   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    C.x.x    | All versions prior to C.1.6 |
   |----------------------------+-------------+-----------------------------|
   |        AsteriskNOW         | pre-release | All versions prior to 1.0.2 |
   |----------------------------+-------------+-----------------------------|
   |     Asterisk Appliance     |     SVN     | All revisions prior to      |
   |       Developer Kit        |             | 104704                      |
   |----------------------------+-------------+-----------------------------|
   | s800i (Asterisk Appliance) |    1.0.x    | All versions prior to       |
   |                            |             | 1.1.0.2                     |
   +------------------------------------------------------------------------+

AST-2009-008: SIP responses expose valid usernames

   | Asterisk Business Edition  |  C.x.x  | All versions prior to C.2.4.5   |
   |                            |         | and C.3.2.2                     |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |   1.5   | All versions                    |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | All versions prior to 1.3.0.5   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

   |    Asterisk Business Edition     |   C.x.x.x   | All versions prior to |
   |                                  |             | C.1.10.3              |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions          |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | All versions          |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.2.0.1               |
   +------------------------------------------------------------------------+

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   | Asterisk Business Edition  |    C.x.x    | All versions prior to       |
   |                            |             | C.1.0-beta8                 |
   |----------------------------+-------------+-----------------------------|
   |        AsteriskNOW         | pre-release | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |     Asterisk Appliance     |    0.x.x    | Not affected                |
   |       Developer Kit        |             |                             |
   |----------------------------+-------------+-----------------------------|
   | s800i (Asterisk Appliance) |    1.0.x    | Not affected                |
   +------------------------------------------------------------------------+

AST-2008-006 - 3-way handshake in IAX2 incomplete

   |                               |            | C.1.8.1                   |
   |-------------------------------+------------+---------------------------|
   |          AsteriskNOW          |   1.0.x    | All versions prior to     |
   |                               |            | 1.0.3                     |
   |-------------------------------+------------+---------------------------|
   | Asterisk Appliance Developer  |   0.x.x    | All versions              |
   |              Kit              |            |                           |
   |-------------------------------+------------+---------------------------|
   |  s800i (Asterisk Appliance)   |   1.0.x    | All versions prior to     |
   |                               |            | 1.1.0.3                   |
   +------------------------------------------------------------------------+

AST-2008-004: Format String Vulnerability in Logger and Manager

   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |     Asterisk Appliance     |  0.x.x  | Unaffected                      |
   |       Developer Kit        |         |                                 |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.0.x  | Unaffected                      |
   +------------------------------------------------------------------------+

ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver

   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    B.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |        AsteriskNOW         | pre-release | beta6                       |
   |----------------------------+-------------+-----------------------------|
   |     Asterisk Appliance     |    0.x.x    | 0.5.0                       |
   |       Developer Kit        |             |                             |
   |----------------------------+-------------+-----------------------------|
   | s800i (Asterisk Appliance) |    1.0.x    | 1.0.0-beta5 up to and       |
   |                            |             | including 1.0.2             |
   +------------------------------------------------------------------------+

AST-2009-010: RTP Remote Crash Vulnerability

   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     B.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     C.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    s800i (Asterisk Appliance)    |     1.3.x      | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     B.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     C.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    s800i (Asterisk Appliance)    |     1.3.x      | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |    Asterisk Business Edition     |    C.x.x    | All versions prior to |
   |                                  |             | C.1.10.3              |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions          |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | All versions          |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.2.0.1               |
   +------------------------------------------------------------------------+

AST-2008-001: Crash from transfer using BYE with Also header

    | Asterisk Business Edition  |    C.x.x    | All versions prior to       |
    |                            |             | C.1.0-beta8                 |
    |----------------------------+-------------+-----------------------------|
    |        AsteriskNOW         | pre-release | All versions prior to beta7 |
    |----------------------------+-------------+-----------------------------|
    |     Asterisk Appliance     |     SVN     | All versions prior to       |
    |       Developer Kit        |             | Asterisk 1.4 revision 95946 |
    |----------------------------+-------------+-----------------------------|
    | s800i (Asterisk Appliance) |    1.0.x    | All versions prior to       |
    |                            |             | 1.0.3.4                     |
    +------------------------------------------------------------------------+

AST-2009-003: SIP responses expose valid usernames

   | Asterisk Business Edition  |  C.2.x.x   | All versions prior to        |
   |                            |            | C.2.3.3                      |
   |----------------------------+------------+------------------------------|
   |        AsteriskNOW         |    1.5     | Not affected                 |
   |----------------------------+------------+------------------------------|
   | s800i (Asterisk Appliance) |   1.3.x    | All versions prior to        |
   |                            |            | 1.3.0.2                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | All versions prior to C.1.6.1   |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |  1.0.x  | All versions prior to 1.0.2     |
   |----------------------------+---------+---------------------------------|
   |     Asterisk Appliance     |   SVN   | All versions prior to Asterisk  |
   |       Developer Kit        |         | 1.4 revision 109386             |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.1.x  | All versions prior to 1.1.0.2   |
   +------------------------------------------------------------------------+

AST-2009-001: Information leak in IAX2 authentication

   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  | C.2.x.x | All versions prior to C.2.1.2.1 |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |   1.5   | Not affected                    |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | All versions prior to 1.3.0     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   C.3.x    | All versions prior to C.3.1  |
   |----------------------------+------------+------------------------------|
   |        AsteriskNOW         |    1.5     | Not affected                 |
   |----------------------------+------------+------------------------------|
   | s800i (Asterisk Appliance) |   1.2.x    | All versions prior to        |
   |                            |            | 1.3.0.3                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |

/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |-----------------------------------+----------------+-------------------|
   |     Asterisk Business Edition     |     C.x.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |            AsteriskNOW            |  pre-release   | N/A               |
   |-----------------------------------+----------------+-------------------|
   | Asterisk Appliance Developer Kit  |     0.x.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |    s800i (Asterisk Appliance)     |     1.0.x      | N/A               |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    B.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |          AsteriskNOW           | pre-release | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |  Asterisk Appliance Developer  |    0.x.x    | Not Affected            |
   |              Kit               |             |                         |
   |--------------------------------+-------------+-------------------------|
   |   s800i (Asterisk Appliance)   |    1.0.x    | Not Affectted           |
   +------------------------------------------------------------------------+

AST-2007-025 - SQL Injection issue in res_config_pgsql

   |------------------------------+-------------+---------------------------|
   |  Asterisk Business Edition   |    B.x.x    | None                      |
   |------------------------------+-------------+---------------------------|
   |         AsteriskNOW          | pre-release | None                      |
   |------------------------------+-------------+---------------------------|
   | Asterisk Appliance Developer |    0.x.x    | None                      |
   |             Kit              |             |                           |
   |------------------------------+-------------+---------------------------|
   |  s800i (Asterisk Appliance)  |    1.0.x    | None                      |
   +------------------------------------------------------------------------+

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |   1.5   | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | Unaffected                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2007-026 - SQL Injection issue in cdr_pgsql

   |----------------------------------+--------------+----------------------|
   |    Asterisk Business Edition     |    B.x.x     | B.2.3.3 and previous |
   |----------------------------------+--------------+----------------------|
   |           AsteriskNOW            | pre-release  | None                 |
   |----------------------------------+--------------+----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x     | None                 |
   |----------------------------------+--------------+----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x     | None                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |----------------------------------+-------------+-----------------------|
    |    Asterisk Business Edition     |    B.x.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |           AsteriskNOW            | pre-release | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    | Asterisk Appliance Developer Kit |    0.x.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |    s800i (Asterisk Appliance)    |    1.0.x    | Unaffected            |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    C.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | N/A                   |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | N/A                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Only version C.2.3              |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | Not affected                    |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    C.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | N/A                   |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | N/A                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

AST-2011-001: Stack buffer overflow in SIP channel driver

         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              

                                  Corrected In
            Product                              Release                      
     Asterisk Open Source       1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,     
                                       1.6.2.16.1, 1.8.1.2, 1.8.2.1

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              

                                  Corrected In
              Product                               Release                   
        Asterisk Open Source        1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4   
     Asterisk Business Edition                      C.3.6.3

AST-2009-009: Cross-site AJAX request vulnerability

   | Asterisk Business Edition  |  C.x.x  | All versions prior to C.2.4.5   |
   |                            |         | and C.3.2.2                     |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |   1.5   | All versions                    |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | Unaffected                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |------------------------------+---------+-------------------------------|
   |  Asterisk Business Edition   |  C.x.x  | All versions prior to C.1.6.2 |
   |------------------------------+---------+-------------------------------|
   |         AsteriskNOW          |  1.0.x  | All versions prior to 1.0.2   |
   |------------------------------+---------+-------------------------------|
   | Asterisk Appliance Developer |   SVN   | All versions prior to         |
   |             Kit              |         | Asterisk 1.4 revision 109393  |
   |------------------------------+---------+-------------------------------|
   |  s800i (Asterisk Appliance)  |  1.0.x  | All versions prior to 1.1.0.2 |
   +------------------------------------------------------------------------+

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   C.x.x    | Not Affected              |
   |-------------------------------+------------+---------------------------|
   |          AsteriskNOW          |   1.0.x    | Not Affected              |
   |-------------------------------+------------+---------------------------|
   | Asterisk Appliance Developer  |   0.x.x    | Not Affected              |
   |              Kit              |            |                           |
   |-------------------------------+------------+---------------------------|
   |  s800i (Asterisk Appliance)   |   1.0.x    | Not Affected              |
   +------------------------------------------------------------------------+

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |    Asterisk Business Edition     |    B.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions prior to |
   |                                  |             | beta7                 |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | All versions prior to |
   |                                  |             | 0.7.0                 |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.0.3                 |
   +------------------------------------------------------------------------+
Next Page>>

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!