Exploits Known

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | July 18, 2008                                     |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tilghman Lesher < tlesher AT digium DOT com >     |
   |--------------------+---------------------------------------------------|

AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Major                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 29, 2008                                      |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tzafrir Cohen <tzafrir DOT cohen AT xorcom DOT    |
   |                    | com>                                              |

AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

    Nature of Advisory  Remote crash vulnerability in a feature that is       
                        disabled by default                                   
      Susceptibility    Remote unauthenticated sessions                       
         Severity       Moderate                                              
      Exploits Known    Yes                                                   
       Reported On      November 2, 2011                                      
       Reported By      Kristijan Vrban                                       
        Posted On       2011-11-03                                            
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |---------------------+--------------------------------------------------|
   |   Susceptibility    | Remote Authenticated Sessions                    |
   |---------------------+--------------------------------------------------|
   |      Severity       | Moderate                                         |
   |---------------------+--------------------------------------------------|
   |   Exploits Known    | No                                               |
   |---------------------+--------------------------------------------------|
   |     Reported On     | February 6, 2009                                 |
   |---------------------+--------------------------------------------------|
   |     Reported By     | bugs.digium.com user klaus3000                   |
   |---------------------+--------------------------------------------------|

AST-2010-001: T.38 Remote Crash Vulnerability

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Critical                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 12/03/09                                        |
   |----------------------+-------------------------------------------------|
   |     Reported By      | issues.asterisk.org users bklang and elsto      |
   |----------------------+-------------------------------------------------|

AST-2011-003:

   Summary            Resource exhaustion in Asterisk Manager Interface       
   Nature of Advisory Denial of Service                                       
   Susceptibility     Remote Unauthenticated Sessions if manager interface is 
                      accessible                                              
   Severity           Moderate                                                
   Exploits Known     No                                                      
   Reported On        March 1, 2011                                           
   Reported By        Blake Cornell <blake@remoteorigin.com>
   Posted On          March 16, 2011                                          
   Last Updated On    March 14, 2011                                          
   Advisory Contact   Terry Wilson <twilson@digium.com>                       

AST-2008-004: Format String Vulnerability in Logger and Manager

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | March 13, 2008                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Steve Davies (bugs.digium.com user stevedavies)   |
   |                    |                                                   |

AST-2008-001: Crash from transfer using BYE with Also header

    |---------------------+--------------------------------------------------|
    |   Susceptibility    | Remote Unauthenticated Sessions                  |
    |---------------------+--------------------------------------------------|
    |      Severity       | Critical                                         |
    |---------------------+--------------------------------------------------|
    |   Exploits Known    | No                                               |
    |---------------------+--------------------------------------------------|
    |     Reported On     | December 26, 2007                                |
    |---------------------+--------------------------------------------------|
    |     Reported By     | Grey VoIP (bugs.digium.com user greyvoip)        |
    |---------------------+--------------------------------------------------|

AST-2009-001: Information leak in IAX2 authentication

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Unauthenticated Sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Minor                                           |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | Yes                                             |
   |----------------------+-------------------------------------------------|
   |     Reported On      | October 15, 2008                                |
   |----------------------+-------------------------------------------------|
   |     Reported By      | http://www.unprotectedhex.com                   |
   |----------------------+-------------------------------------------------|

AST-2010-002: Dialplan injection vulnerability

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Unauthenticated Sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Critical                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | Yes                                             |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 10/02/10                                        |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Hans Petter Selasky                             |
   |----------------------+-------------------------------------------------|

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Minor                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 23, 2007                                   |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Kevin Stewart                                     |
   |--------------------+---------------------------------------------------|

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

        Summary       Multiple array overflow and crash vulnerabilities in    
                      UDPTL code                                              
   Nature of Advisory Exploitable Stack and Heap Array Overflows              
     Susceptibility   Remote Unauthenticated Sessions                         
        Severity      Critical                                                
     Exploits Known   No                                                      
      Reported On     January 27, 2011                                        
      Reported By     Matthew Nicholson                                       
       Posted On      February 21, 2011                                       
    Last Updated On   February 21, 2011                                       
    Advisory Contact  Matthew Nicholson <mnicholson@digium.com>               

AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | June 11, 2011                                     |
   |--------------------+---------------------------------------------------|
   |    Reported By     |                                                   |
   |--------------------+---------------------------------------------------|

AST-2009-003: SIP responses expose valid usernames

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Minor                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | February 23, 2009                                 |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Gentoo Linux Project: Kerin Millar ( kerframil on |
   |                    | irc.freenode.net ) and Fergal Glynn < FGlynn AT   |

AST-2008-012: Remote crash vulnerability in IAX2

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Unauthenticated Sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Major                                           |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | November 22, 2008                               |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Jon Leren Schøpzinsky                           |
   |----------------------+-------------------------------------------------|

AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Major                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 29, 2008                                      |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tzafrir Cohen <tzafrir DOT cohen AT xorcom DOT    |
   |                    | com>                                              |

AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |   Susceptibility   | Users of RSA for IAX2 authentication and users of |
   |                    | DUNDi                                             |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | None specific to Asterisk, but OpenSSL exploits   |
   |                    | are circulating                                   |
   |--------------------+---------------------------------------------------|
   |    Reported On     | 13 May 2008                                       |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Luciano Bello                                     |

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Unauthenticated Sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Critical                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | Yes                                             |
   |----------------------+-------------------------------------------------|
   |     Reported On      | July 18, 2008                                   |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Jeremy McNamara < jj AT nufone DOT net >        |
   |----------------------+-------------------------------------------------|

AST-2009-007: ACL not respected on SIP INVITE

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthorized session                       |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 18, 2009                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Thomas Athineou <thom_winkler AT web DOT de>      |
   |--------------------+---------------------------------------------------|

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 9, 2007                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Jon Moldenauer (bugs.digium.com user              |
   |                    | jmoldenhauer)                                     |

AST-2011-006: Asterisk Manager User Shell Access

         Product        Asterisk                                              
         Summary        Asterisk Manager User Shell Access                    
    Nature of Advisory  Permission Escalation                                 
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Minor                                                 
      Exploits Known    Yes                                                   
       Reported On      February 10, 2011                                     
       Reported By      Mark Murawski <markm AT intellasoft DOT net>          
        Posted On       April 21, 2011                                        
     Last Updated On    April 21, 2011                                        
     Advisory Contact   Matthew Nicholson <mnicholson@digium.com>             

AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | May 8, 2008                                       |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Hooi Ng (bugs.digium.com user hooi)               |
   |--------------------+---------------------------------------------------|

AST-2011-007

   |---------------------+--------------------------------------------------|
   |   Susceptibility    | Remote Authenticated Sessions                    |
   |---------------------+--------------------------------------------------|
   |      Severity       | Moderate                                         |
   |---------------------+--------------------------------------------------|
   |   Exploits Known    | No                                               |
   |---------------------+--------------------------------------------------|
   |     Reported On     | May 23, 2011                                     |
   |---------------------+--------------------------------------------------|
   |     Reported By     | Jonathan Rose jrose@digium.com                   |
   |---------------------+--------------------------------------------------|

AST-2009-006: IAX2 Call Number Resource Exhaustion

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Major                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | Yes - Published by Blake Cornell < blake AT       |
   |                    | remoteorigin DOT com > on voip0day.com            |
   |--------------------+---------------------------------------------------|
   |    Reported On     | June 22, 2008                                     |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Noam Rathaus < noamr AT beyondsecurity DOT com >, |

AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    |--------------------+---------------------------------------------------|
    |   Susceptibility   | Local sessions                                    |
    |--------------------+---------------------------------------------------|
    |      Severity      | None                                              |
    |--------------------+---------------------------------------------------|
    |   Exploits Known   | None                                              |
    |--------------------+---------------------------------------------------|
    |    Reported On     | October 31, 2007                                  |
    |--------------------+---------------------------------------------------|
    |    Reported By     | Michael Bucko <michael DOT bucko AT eleytt DOT    |
    |                    | com>                                              |

AST-2010-003: Invalid parsing of ACL rules can compromise security

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | Feb 24, 2010                                      |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Mark Michelson                                    |
   |--------------------+---------------------------------------------------|

AST-2011-001: Stack buffer overflow in SIP channel driver

         Product        Asterisk                                              
         Summary        Stack buffer overflow in SIP channel driver           
    Nature of Advisory  Exploitable Stack Buffer Overflow                     
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Moderate                                              
      Exploits Known    No                                                    
       Reported On      January 11, 2011                                      
       Reported By      Matthew Nicholson                                     
        Posted On       January 18, 2011                                      
     Last Updated On    January 18, 2011                                      
     Advisory Contact   Matthew Nicholson <mnicholson@digium.com>             

AST-2008-005: HTTP Manager ID is predictable

   |----------------------+-------------------------------------------------|
   |    Susceptibility    | All users using the HTTP manager port           |
   |----------------------+-------------------------------------------------|
   |       Severity       | Minor                                           |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | February 25, 2008                               |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Dino A. Dai Zovi < ddz AT theta44 DOT org >     |
   |----------------------+-------------------------------------------------|

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

         Summary        Possible remote enumeration of SIP endpoints with     
                        differing NAT settings                                
    Nature of Advisory  Unauthorized data disclosure                          
      Susceptibility    Remote unauthenticated sessions                       
         Severity       Minor                                                 
      Exploits Known    Yes                                                   
       Reported On      2011-07-18                                            
       Reported By      Ben Williams                                          
        Posted On       
     Last Updated On    December 7, 2011                                      
     Advisory Contact   Terry Wilson <twilson@digium.com>                     

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Authenticated Sessions                     |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Wei Wang of McAfee AVERT Labs                     |
   |--------------------+---------------------------------------------------|
