
Asterisk Business Edition

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |  1.6.0.x   | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |  1.6.1.x   | Not affected                 |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   A.x.x    | All versions                 |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   B.x.x    | All versions prior to        |
   |                            |            | B.2.5.9                      |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   C.2.x    | All versions prior to        |

AST-2009-001: Information leak in IAX2 authentication

   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | All versions                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | All versions prior to B.2.5.7   |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  | C.1.x.x | All versions prior to C.1.10.4  |
   |----------------------------+---------+---------------------------------|

AST-2009-003: SIP responses expose valid usernames

   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.4.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   |      Asterisk Addons       |   1.6.x    | Not affected                 |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   A.x.x    | All versions                 |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |   B.x.x    | All versions prior to        |
   |                            |            | B.2.5.8                      |
   |----------------------------+------------+------------------------------|
   | Asterisk Business Edition  |  C.1.x.x   | All versions prior to        |

AST-2009-009: Cross-site AJAX request vulnerability

   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | All versions prior to B.2.5.12  |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | All versions prior to C.2.4.5   |
   |                            |         | and C.3.2.2                     |

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.4.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | All versions          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | All versions prior to |
   |                                  |             | B.2.5.4               |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    C.x.x    | All versions prior to |

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.4.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | All versions          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |   B.x.x.x   | All versions prior to |
   |                                  |             | B.2.5.4               |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |   C.x.x.x   | All versions prior to |

AST-2009-008: SIP responses expose valid usernames

   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | All versions                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | All versions prior to B.2.5.12  |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | All versions prior to C.2.4.5   |
   |                            |         | and C.3.2.2                     |

AST-2009-010: RTP Remote Crash Vulnerability

   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.4.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     B.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     C.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    s800i (Asterisk Appliance)    |     1.3.x      | All versions       |
   +------------------------------------------------------------------------+

AST-2008-006 - 3-way handshake in IAX2 incomplete

   |                               |            | 1.2.28                    |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.4.x    | All versions prior to     |
   |                               |            | 1.4.20                    |
   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   A.x.x    | All versions              |
   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   B.x.x    | All versions prior to     |
   |                               |            | B.2.5.2                   |
   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   C.x.x    | All versions prior to     |

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.4.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     B.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     C.x.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    s800i (Asterisk Appliance)    |     1.3.x      | All versions       |
   +------------------------------------------------------------------------+

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |                            |             | 1.2.26                      |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
   |                            |             | 1.4.16                      |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    A.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    B.x.x    | All versions prior to       |
   |                            |             | B.2.3.6                     |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    C.x.x    | All versions prior to       |

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Only version C.2.3              |
   |----------------------------+---------+---------------------------------|

AST-2008-012: Remote crash vulnerability in IAX2

   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |    Asterisk Business Edition    |     A.x.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |    Asterisk Business Edition    |     B.x.x      | B.2.3.5-B.2.5.5     |
   |---------------------------------+----------------+---------------------|
   |    Asterisk Business Edition    |     C.x.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|

AST-2008-005: HTTP Manager ID is predictable

   |                            |             | 1.4.19-rc3                  |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.6.x    | All versions prior to       |
   |                            |             | 1.6.0-beta6                 |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    A.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    B.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    C.x.x    | All versions prior to C.1.6 |
   |----------------------------+-------------+-----------------------------|

AST-2008-004: Format String Vulnerability in Logger and Manager

   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All versions prior to           |
   |                            |         | 1.6.0-beta6                     |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |                                  |             | 1.2.9                 |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.7                 |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    C.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |      Asterisk Addons       |  1.6.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2007-026 - SQL Injection issue in cdr_pgsql

   |----------------------------------+--------------+----------------------|
   |       Asterisk Open Source       |    1.2.x     | 1.2.24 and previous  |
   |----------------------------------+--------------+----------------------|
   |       Asterisk Open Source       |    1.4.x     | 1.4.14 and previous  |
   |----------------------------------+--------------+----------------------|
   |    Asterisk Business Edition     |    A.x.x     | All versions         |
   |----------------------------------+--------------+----------------------|
   |    Asterisk Business Edition     |    B.x.x     | B.2.3.3 and previous |
   |----------------------------------+--------------+----------------------|
   |           AsteriskNOW            | pre-release  | None                 |
   |----------------------------------+--------------+----------------------|

AST-2009-007: ACL not respected on SIP INVITE

   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.6.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     A.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     B.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     C.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|

AST-2009-004: Remote Crash Vulnerability in RTP stack

   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.6.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     A.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     B.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     C.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|

AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |     Asterisk Open Source     |  1.2.x  | All versions prior to 1.2.27  |
   |------------------------------+---------+-------------------------------|
   |     Asterisk Open Source     |  1.4.x  | All versions prior to         |
   |                              |         | 1.4.18.1 and 1.4.19-rc3       |
   |------------------------------+---------+-------------------------------|
   |  Asterisk Business Edition   |  A.x.x  | All versions                  |
   |------------------------------+---------+-------------------------------|
   |  Asterisk Business Edition   |  B.x.x  | All versions prior to B.2.5.1 |
   |------------------------------+---------+-------------------------------|
   |  Asterisk Business Edition   |  C.x.x  | All versions prior to C.1.6.2 |
   |------------------------------+---------+-------------------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |                                  |             | 1.2.9                 |
   |----------------------------------+-------------+-----------------------|
   |         Asterisk Addons          |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.7                 |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    C.x.x    | N/A                   |
   |----------------------------------+-------------+-----------------------|

AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |-----------------------------------+----------------+-------------------|
   |       Asterisk Open Source        |     1.2.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |       Asterisk Open Source        |     1.4.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |     Asterisk Business Edition     |     A.x.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |     Asterisk Business Edition     |     B.x.x      | N/A               |
   |-----------------------------------+----------------+-------------------|
   |     Asterisk Business Edition     |     C.x.x      | N/A               |
   |-----------------------------------+----------------+-------------------|

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |     Asterisk Open Source      |   1.2.x    | All versions prior to     |
   |                               |            | 1.2.29                    |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.4.x    | Not Affected              |
   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   A.x.x    | All versions              |
   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   B.x.x    | All versions prior to     |
   |                               |            | B.2.5.3                   |
   |-------------------------------+------------+---------------------------|
   |   Asterisk Business Edition   |   C.x.x    | Not Affected              |

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |                            |         | and 1.4.19-rc3                  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All versions prior to           |
   |                            |         | 1.6.0-beta6                     |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | All versions prior to C.1.6.1   |
   |----------------------------+---------+---------------------------------|

AST-2008-001: Crash from transfer using BYE with Also header

    |    Asterisk Open Source    |    1.2.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
    |                            |             | 1.4.17                      |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Business Edition  |    A.x.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Business Edition  |    B.x.x    | Unaffected                  |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Business Edition  |    C.x.x    | All versions prior to       |
    |                            |             | C.1.0-beta8                 |

AST-2011-001: Stack buffer overflow in SIP channel driver

                Product              Release Series 
         Asterisk Open Source            1.2.x      All versions              
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              

                                  Corrected In
            Product                              Release                      

AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |    1.6.2.x     | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.8.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |     C.3.x      | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|

AST-2011-006: Asterisk Manager User Shell Access

                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source           1.6.1.x     All versions              
         Asterisk Open Source           1.6.2.x     All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              

                                  Corrected In
              Product                               Release                   
        Asterisk Open Source        1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3   
     Asterisk Business Edition                      C.3.6.4                   

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.2.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.4.x    | Versions 1.4.5 - 1.4.11 |
   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    A.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    B.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |          AsteriskNOW           | pre-release | Not Affected            |
   |--------------------------------+-------------+-------------------------|


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
