
AST-2009-010: RTP Remote Crash Vulnerability

   |             | remotely crash Asterisk.                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |

AST-2009-007: ACL not respected on SIP INVITE

   |             | registrations was not affected.                          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Users should upgrade to a version listed in the           |
   |            | "Corrected In" section below.                             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|

AST-2009-004: Remote Crash Vulnerability in RTP stack

   |             | remote code with this exploit.                           |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Users should upgrade to a version listed in the           |
   |            | "Corrected In" section below.                             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|

AST-2010-001: T.38 Remote Crash Vulnerability

   |             | well.                                                    |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |

AST-2008-012: Remote crash vulnerability in IAX2

   |---------------------------------+----------------+---------------------|
   |   s800i (Asterisk Appliance)    |     1.2.x      | Unaffected          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                   |          Release          |
   |--------------------------------------------+---------------------------|
   |            Asterisk Open Source            |         1.2.30.4          |
   |--------------------------------------------+---------------------------|

AST-2011-012: Remote crash vulnerability in SIP channel driver

                               Affected Versions
           Product         Release Series  
    Asterisk Open Source       1.8.x       All versions                       
    Asterisk Open Source        10.x       All versions (currently in beta)   

                                  Corrected In
                  Product                              Release                
            Asterisk Open Source                 1.8.7.1, 10.0.0-rc1          

                                    Patches                         
                             Download URL                           Revision  

AST-2011-003:

   Asterisk Open Source              1.6.2.x         All versions             
   Asterisk Open Source              1.8.x           All versions             

    

   Corrected In                     
   Product                          Release                                   
   Asterisk Open Source             1.6.1.23, 1.6.2.17.1, 1.8.3.1             
                                                                              
                                                                              


AST-2009-005: Remote Crash Vulnerability in SIP channel driver

   | s800i (Asterisk Appliance) |   1.2.x    | All versions prior to        |
   |                            |            | 1.3.0.3                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.34          |
   |---------------------------------------------+--------------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | N/A                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Addons 1.2            |            1.2.9            |
   |------------------------------------------+-----------------------------|

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.0.3                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |                 1.4.11, available from                 |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |

AST-2009-008: SIP responses expose valid usernames

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | All versions prior to 1.3.0.5   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.35          |
   |---------------------------------------------+--------------------------|

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source             All        All versions             

                                  Corrected In                                
     As this is more of an issue with SIP over UDP in general, there is no    
     fix supplied other than documentation on how to avoid the problem. The   
        default NAT setting has been changed to what we believe the most      
      commonly used setting for the respective version in Asterisk 1.4.43,    
                             1.6.2.21, and 1.8.7.2.                           

AST-2011-004:

   Asterisk Open Source              1.6.2.x         All versions             
   Asterisk Open Source              1.8.x           All versions             

    

   Corrected In                     
   Product                          Release                                   
   Asterisk Open Source             1.6.1.23, 1.6.2.17.1, 1.8.3.1             
                                                                              
                                                                              


AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |-------------------------------+------------+---------------------------|
   |  s800i (Asterisk Appliance)   |   1.0.x    | Not Affected              |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |                 1.2.29, available from                 |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |

AST-2008-004: Format String Vulnerability in Logger and Manager

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.0.x  | Unaffected                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |              1.6.0-beta6, available from               |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |

AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |-----------------------------------+----------------+-------------------|
   |    s800i (Asterisk Appliance)     |     1.0.x      | N/A               |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |              Product               |              Release              |
   |------------------------------------+-----------------------------------|
   |                N/A                 |                N/A                |
   |------------------------------------+-----------------------------------|

AST-2010-002: Dialplan injection vulnerability

|--------------------------------------------------------------------------------------+------|
|http://svn.asterisk.org/svn/asterisk/branches/1.6.2/README-SERIOUSLY.bestpractices.txt|v1.6.2|
+---------------------------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Open Source Asterisk           |           1.2.40            |
   +------------------------------------------------------------------------+

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   +------------------------------------------------------------------------+
   | Resolution | Asterisk code has been modified to limit the incoming     |
   |            | capabilities count.                                       |
   |            |                                                           |
   |            | Users with configured Skinny devices should upgrade to    |
   |            | the appropriate version listed in the corrected in        |
   |            | section of this advisory.                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |

AST-2007-026 - SQL Injection issue in cdr_pgsql

   |----------------------------------+--------------+----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x     | None                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.25          |
   |---------------------------------------------+--------------------------|

AST-2011-007

   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.8.4.2           |
   +------------------------------------------------------------------------+

AST-2009-001: Information leak in IAX2 authentication

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | All versions prior to 1.3.0     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                   |          Release          |
   |--------------------------------------------+---------------------------|
   |            Asterisk Open Source            |          1.2.31           |
   |--------------------------------------------+---------------------------|

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |----------------------------------+----------------+--------------------|
   |    s800i (Asterisk Appliance)    |     1.3.x      | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.35          |
   |---------------------------------------------+--------------------------|

AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    |-----------------+----------------+-------------------------------------|
    |     Zaptel      |     1.4.x      | All versions prior to 1.4.7         |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    |                              Corrected In                              |
    |------------------------------------------------------------------------|
    |          Product           |                  Release                  |
    |----------------------------+-------------------------------------------|
    |           Zaptel           |          1.2.22, when available           |
    |----------------------------+-------------------------------------------|

ASA-2007-018: Resource exhaustion vulnerability in IAX2 channel driver

   | s800i (Asterisk Appliance) |    1.0.x    | 1.0.0-beta5 up to and       |
   |                            |             | including 1.0.2             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |     1.2.23 and 1.4.9, available for download from      |
   |    Source     |           http://ftp.digium.com/pub/asterisk           |

AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source           1.6.2.x      All versions             
         Asterisk Open Source            1.8.x       All versions             

                                  Corrected In
                   Product                              Release               
            Asterisk Open Source                   1.6.2.21, 1.8.7.2          

                                     Patches                          
                              Download URL                            Revision 

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.2.0.1               |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.30          |
   |---------------------------------------------+--------------------------|

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |----------------------------------+-------------+-----------------------|
    |    s800i (Asterisk Appliance)    |    1.0.x    | Unaffected            |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    |                              Corrected In                              |
    |------------------------------------------------------------------------|
    |                 Product                  |           Release           |
    |------------------------------------------+-----------------------------|
    |           Asterisk Open Source           |           1.4.13            |
    |------------------------------------------+-----------------------------|

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | Not affected                    |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                  |          Release           |
   |-------------------------------------------+----------------------------|
   |           Asterisk Open Source            |          1.4.23.2          |
   |-------------------------------------------+----------------------------|

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.2.0.1               |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.30          |
   |---------------------------------------------+--------------------------|

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.1.x  | All versions prior to 1.1.0.2   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |    1.4.18.1/1.4.19-rc3/1.6.0-beta6, available from     |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
