
Asterisk Open Source

AST-2009-008: SIP responses expose valid usernames

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | All versions prior to 1.2.35    |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to 1.4.26.3  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |  Release   |                              |
   |                            |   Series   |                              |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.2.x    | All versions prior to 1.2.34 |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.4.x    | All versions prior to        |
   |                            |            | 1.4.26.1                     |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |  1.6.0.x   | All versions prior to        |

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Not affected                    |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | Versions 1.4.22, 1.4.23,        |
   |                            |         | 1.4.23.1                        |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.6   |

AST-2009-010: RTP Remote Crash Vulnerability

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              | Release Series |                    |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.2.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.4.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|

AST-2009-006: IAX2 Call Number Resource Exhaustion

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              | Release Series |                    |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.2.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.4.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|

AST-2009-009: Cross-site AJAX request vulnerability

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to 1.4.26.3  |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    | 1.6.0.x | All versions prior to 1.6.0.17  |
   |----------------------------+---------+---------------------------------|

AST-2009-001: Information leak in IAX2 authentication

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | All versions prior to 1.2.31    |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to           |
   |                            |         | 1.4.23-rc4                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All versions prior to           |

AST-2009-003: SIP responses expose valid usernames

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |  Release   |                              |
   |                            |   Series   |                              |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.2.x    | All versions prior to 1.2.32 |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |   1.4.x    | All versions prior to        |
   |                            |            | 1.4.24.1                     |
   |----------------------------+------------+------------------------------|
   |    Asterisk Open Source    |  1.6.0.x   | All versions prior to        |

AST-2011-006: Asterisk Manager User Shell Access

   Resolution Asterisk now performs the proper access check where appropriate 
              during the originate manager action.                            

                               Affected Versions
                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source           1.6.1.x     All versions              
         Asterisk Open Source           1.6.2.x     All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              


AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | All versions          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | All versions prior to |
   |                                  |             | 1.2.30                |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |

AST-2007-026 - SQL Injection issue in cdr_pgsql

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release    |                      |
   |                                  |    Series    |                      |
   |----------------------------------+--------------+----------------------|
   |       Asterisk Open Source       |    1.0.x     | All versions         |
   |----------------------------------+--------------+----------------------|
   |       Asterisk Open Source       |    1.2.x     | 1.2.24 and previous  |
   |----------------------------------+--------------+----------------------|
   |       Asterisk Open Source       |    1.4.x     | 1.4.14 and previous  |
   |----------------------------------+--------------+----------------------|

AST-2008-005: HTTP Manager ID is predictable

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |   Release   |                             |
   |                            |   Series    |                             |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.0.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.2.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
   |                            |             | 1.4.19-rc3                  |

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | All versions          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | All versions prior to |
   |                                  |             | 1.2.30                |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |

AST-2011-001: Stack buffer overflow in SIP channel driver

              strings passed to the URIENCODE dialplan function should be     
              limited in this manner.                                         

                               Affected Versions
                Product              Release Series 
         Asterisk Open Source            1.2.x      All versions              
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |   Release   |                             |
   |                            |   Series    |                             |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.0.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.2.x    | All versions prior to       |
   |                            |             | 1.2.26                      |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | All versions prior to       |

AST-2011-005: File Descriptor Resource Exhaustion

              systems can be protected by disabling the vulnerable services   
              in their respective configuration files.                        

                               Affected Versions
                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source           1.6.1.x     All versions              
         Asterisk Open Source           1.6.2.x     All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              


AST-2008-006 - 3-way handshake in IAX2 incomplete

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            |  Release   |                           |
   |                               |   Series   |                           |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.0.x    | All versions              |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.2.x    | All versions prior to     |
   |                               |            | 1.2.28                    |
   |-------------------------------+------------+---------------------------|
   |     Asterisk Open Source      |   1.4.x    | All versions prior to     |

AST-2011-003:

    

   Affected Versions                 
   Product                           Release Series                           
   Asterisk Open Source              1.6.1.x         All versions             
   Asterisk Open Source              1.6.2.x         All versions             
   Asterisk Open Source              1.8.x           All versions             

    


AST-2008-004: Format String Vulnerability in Logger and Manager

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|

AST-2010-001: T.38 Remote Crash Vulnerability

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              | Release Series |                    |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |      C.3       | All versions       |
   +------------------------------------------------------------------------+


AST-2007-025 - SQL Injection issue in res_config_pgsql

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |           Product            |   Release   |                           |
   |                              |   Series    |                           |
   |------------------------------+-------------+---------------------------|
   |     Asterisk Open Source     |    1.0.x    | None                      |
   |------------------------------+-------------+---------------------------|
   |     Asterisk Open Source     |    1.2.x    | None                      |
   |------------------------------+-------------+---------------------------|
   |     Asterisk Open Source     |    1.4.x    | 1.4.14 and previous       |
   |                              |             | versions                  |

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |                           Affected Versions                            |
    |------------------------------------------------------------------------|
    |             Product              |   Release   |                       |
    |                                  |   Series    |                       |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.0.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.2.x    | Unaffected            |
    |----------------------------------+-------------+-----------------------|
    |       Asterisk Open Source       |    1.4.x    | All versions prior to |
    |                                  |             | 1.4.13                |

AST-2008-012: Remote crash vulnerability in IAX2

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product             | Release Series |                     |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.2.x      | 1.2.26-1.2.30.3     |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage


   +------------------------------------------------------------------------+
   | Resolution | Since this is a minor issue, a new release is not         |
   |            | immediately planned. However, the issue will be fixed in  |
   |            | Asterisk Open Source version 1.4.12 when it is released.  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|

AST-2011-004:

    

   Affected Versions                 
   Product                           Release Series                           
   Asterisk Open Source              1.6.1.x         All versions             
   Asterisk Open Source              1.6.2.x         All versions             
   Asterisk Open Source              1.8.x           All versions             

    


AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              | Release Series |                    |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.4.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |    1.6.2.x     | All versions       |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.8.x      | All versions       |
   |----------------------------------+----------------+--------------------|

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | All versions prior to 1.4.18.1  |
   |                            |         | and 1.4.19-rc3                  |

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

                                                                              
              noload => chan_ooh323                                           

                               Affected Versions
                Product              Release Series 
         Asterisk Open Source            1.4.x      All versions              
         Asterisk Open Source            1.6.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              


AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.11                |

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.10                |


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
