New User, Welcome!     Login

Jason Parker

AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | March 12, 2008                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Jason Parker <jparker@digium.com>                 |
   |--------------------+---------------------------------------------------|
   |     Posted On      | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|

[SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities

    configured to run without a password and only host-based
    authentication.

CVE-2008-1332

    Jason Parker discovered that insufficient validation of From:
    headers inside the SIP channel driver may lead to authentication
    bypass and the potential external initiation of calls.

This update also fixes a format string vulnerability, which can only
be triggered through configuration files under control of the local

[SECURITY] [DSA 1525-1] New asterisk packages fix several vulnerabilities

    configured to run without a password and only host-based
    authentication.

CVE-2008-1332

    Jason Parker discovered that insufficient validation of From:
    headers inside the SIP channel driver may lead to authentication
    bypass and the potential external initiation of calls.

This update also fixes a format string vulnerability, which can only
be triggered through configuration files under control of the local

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |--------------------+---------------------------------------------------|
   |     Posted On      | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Jason Parker <jparker@digium.com>                 |
   |--------------------+---------------------------------------------------|
   |      CVE Name      |                                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!