
Asterisk Project Security Advisory

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

      commonly used setting for the respective version in Asterisk 1.4.43,    
                             1.6.2.21, and 1.8.7.2.                           

            Links          

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and             

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   +------------------------------------------------------------------------+
   |      Links       | http://bugs.digium.com/view.php?id=10544            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/AST-2007-021.pdf and               |

AST-2009-009: Cross-site AJAX request vulnerability

   +------------------------------------------------------------------------+
   |     Links      | https://issues.asterisk.org/view.php?id=16139         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-009.pdf and          |

AST-2009-001: Information leak in IAX2 authentication

   +------------------------------------------------------------------------+
   |        Links        | http://code.google.com/p/iaxscan/                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-001.pdf and          |

AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20 
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1  

            Links          

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and             

AST-2008-001: Crash from transfer using BYE with Also header

    +------------------------------------------------------------------------+
    |      Links       | http://bugs.digium.com/view.php?id=11637            |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Asterisk Project Security Advisories are posted at                     |
    | http://www.asterisk.org/security                                       |
    |                                                                        |
    | This document may be superseded by later versions; if so, the latest   |
    | version will be posted at                                              |
    | http://downloads.digium.com/pub/security/AST-2008-001.pdf and          |

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-009.pdf and          |

AST-2011-012: Remote crash vulnerability in SIP channel driver

   http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8       
   http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff  10        

            Links          

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2011-012.pdf and             

AST-2009-008: SIP responses expose valid usernames

   +------------------------------------------------------------------------+
   |        Links         |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-008.pdf and          |

AST-2008-006 - 3-way handshake in IAX2 incomplete

   +------------------------------------------------------------------------+
   |   Links    | https://www.altsci.com/concepts/page.php?s=asteri&p=2     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-006.pdf and          |

AST-2007-027 - Database matching order permits host-based authentication to be ignored

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-027.pdf and          |

AST-2011-006: Asterisk Manager User Shell Access

   http://downloads.asterisk.org/pub/security/AST-2011-006-1.6.2.diff  1.6.2  
   http://downloads.asterisk.org/pub/security/AST-2011-006-1.8.diff    1.8    

          Links         

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-006.pdf and              

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-011.pdf and          |

AST-2008-012: Remote crash vulnerability in IAX2

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-012.pdf and          |

AST-2009-010: RTP Remote Crash Vulnerability

   +------------------------------------------------------------------------+
   |     Links      | https://issues.asterisk.org/view.php?id=16242         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-010.pdf and          |

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

   http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff  1.6.2  
   http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff    1.8    

          Links         

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-002.pdf and              

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-002.pdf and          |

AST-2007-025 - SQL Injection issue in res_config_pgsql

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-025.pdf and          |

AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-023.pdf and          |

AST-2011-007

   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff |1.8   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2011-007.pdf and          |

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    +------------------------------------------------------------------------+
    |        Links        |                                                  |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Asterisk Project Security Advisories are posted at                     |
    | http://www.asterisk.org/security.                                      |
    |                                                                        |
    | This document may be superseded by later versions; if so, the latest   |
    | version will be posted at                                              |
    | http://downloads.digium.com/pub/security/AST-2007-022.pdf and          |

AST-2011-001: Stack buffer overflow in SIP channel driver

   http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff    1.4    
   http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff  1.6.1  
   http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff  1.6.2  
   http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff    1.8    

   Asterisk Project Security Advisories are posted at                         
   http://www.asterisk.org/security                                           
                                                                              
   This document may be superseded by later versions; if so, the latest       
   version will be posted at                                                  
   http://downloads.digium.com/pub/security/AST-2011-001.pdf and              

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |                  |                                                     |
   |                  | http://bugs.digium.com/view.php?id=13547            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-002.pdf and          |

ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://ftp.digium.com/pub/asa/ASA-2007-018.pdf.                        |

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |                  |                                                     |
   |                  | http://bugs.digium.com/view.php?id=10418            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/AST-2007-020.pdf and               |

AST-2009-004: Remote Crash Vulnerability in RTP stack

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-004.pdf and          |

AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   +------------------------------------------------------------------------+
   |   Links   | http://labs.mudynamics.com/advisories/MU-200908-01.txt     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-005.pdf and          |

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

|-----+----------------------------------------------------------------------------------------------------------------------|
|     |http://www.securityfocus.com/bid/30321/info                                                                           |
+----------------------------------------------------------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-010.pdf and          |

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |                | https://issues.asterisk.org/view.php?id=12912         |
   |                | http://www.beyondsecurity.com/ssd.html                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-006.pdf and          |

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and               |
