[asterisk-users] AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

Asterisk Project Security Advisory - AST-2008-002 ++ | Product | Asterisk |

[asterisk-users] AST-2008-003: Unauthenticated calls allowed from SIP channel driver

Asterisk Project Security Advisory - AST-2008-003 ++ | Product | Asterisk |

[asterisk-users] AST-2008-004: Format String Vulnerability in Logger and Manager

Asterisk Project Security Advisory - AST-2008-004 ++ | Product | Asterisk |

[asterisk-users] AST-2008-005: HTTP Manager ID is predictable

Asterisk Project Security Advisory - AST-2008-005 ++ | Product| Asterisk|

[asterisk-users] /home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

Asterisk Project Security Advisory - AST-2008-007 ++ | Product | Asterisk |

[asterisk-users] AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

Asterisk Project Security Advisory - AST-2008-009 ++ | Product | Asterisk-Addons |

[asterisk-users] AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver

Asterisk Project Security Advisory - AST-2008-009 ++ | Product | Asterisk-Addons |

[asterisk-users] AST-2008-010: Asterisk IAX 'POKE' resource exhaustion

Asterisk Project Security Advisory - AST-2008-010 ++ | Product| Asterisk|

[asterisk-users] AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

Asterisk Project Security Advisory - AST-2008-011 ++ | Product | Asterisk |

[asterisk-users] AST-2008-012: Remote crash vulnerability in IAX2

Asterisk Project Security Advisory - AST-2008-012 ++ | Product| Asterisk|

[asterisk-users] AST-2009-001: Information leak in IAX2 authentication

Asterisk Project Security Advisory - AST-2009-001 ++ | Product| Asterisk|

[asterisk-users] AST-2009-002: Remote Crash Vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2009-002 ++ | Product | Asterisk |

[asterisk-users] AST-2009-003: SIP responses expose valid usernames

Asterisk Project Security Advisory - AST-2009-003 ++ | Product | Asterisk |

[asterisk-users] Asterisk 1.4.15 and 1.2.25 Released

The Asterisk.org development team has released Asterisk versions 1.4.15 and 1.2.25. These releases contain two fixes for security issues. http://downloads.digium.com/pub/asa/AST-2007-025.pdf * This is a SQL injection vulnerability in the res_config_pgsql module. Default installations of

[asterisk-users] AST-2007-025 - SQL Injection issue in res_config_pgsql

Asterisk Project Security Advisory - AST-2007-025 ++ | Product| Asterisk|

[asterisk-users] AST-2007-026 - SQL Injection issue in cdr_pgsql

Asterisk Project Security Advisory - AST-2007-026 ++ | Product| Asterisk|

[asterisk-users] AST-2008-001: Crash from transfer using BYE with Also header

Asterisk Project Security Advisory - AST-2008-001 ++ | Product | Asterisk |

[asterisk-users] AST-2009-004: Remote Crash Vulnerability in RTP stack

Asterisk Project Security Advisory - AST-2009-004 ++ | Product| Asterisk|

[asterisk-users] AST-2009-005: Remote Crash Vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2009-005 ++ | Product | Asterisk |

[asterisk-users] AST-2009-006: IAX2 Call Number Resource Exhaustion

Asterisk Project Security Advisory - AST-2009-006 ++ | Product | Asterisk |

[asterisk-users] AST-2009-007: ACL not respected on SIP INVITE

Asterisk Project Security Advisory - AST-2009-007 ++ | Product | Asterisk |

[asterisk-users] AST-2009-008: SIP responses expose valid usernames

Asterisk Project Security Advisory - AST-2009-008 ++ | Product| Asterisk|

[asterisk-users] AST-2009-009: Cross-site AJAX request vulnerability

Asterisk Project Security Advisory - AST-2009-009 ++ | Product| Asterisk|

[asterisk-users] AST-2009-010: RTP Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2009-010 ++ | Product| Asterisk|

[asterisk-users] AST-2010-001: T.38 Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2010-001 ++ | Product| Asterisk|

[asterisk-users] AST-2010-002: Dialplan injection vulnerability

Asterisk Project Security Advisory - AST-2010-002 ++ | Product| Asterisk|

[asterisk-users] AST-2010-003: Invalid parsing of ACL rules can compromise security

Asterisk Project Security Advisory - AST-2010-003 ++ | Product | Asterisk |

[asterisk-users] AST-2011-001: Stack buffer overflow in SIP channel driver

Asterisk Project Security Advisory - AST-2011-001 ProductAsterisk SummaryStack buffer overflow in SIP channel driver Nature of Advisory Exploitable Stack Buffer Overflow

[asterisk-users] AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

Asterisk Project Security Advisory - AST-2011-002 Product Asterisk Summary Multiple array overflow and crash vulnerabilities in UDPTL code

[asterisk-users] AST-2011-003:

ProductAsterisk SummaryResource exhaustion in Asterisk Manager Interface Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions if

[asterisk-users] AST-2011-004:

ProductAsterisk SummaryRemote crash vulnerability in TCP/TLS server Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions

[asterisk-users] AST-2011-005: File Descriptor Resource Exhaustion

Asterisk Project Security Advisory - AST-2011-005 Product Asterisk Summary File Descriptor Resource Exhaustion Nature of Advisory Denial of Service

[asterisk-users] AST-2011-006: Asterisk Manager User Shell Access

Asterisk Project Security Advisory - AST-2011-006 ProductAsterisk SummaryAsterisk Manager User Shell Access Nature of Advisory Permission Escalation

[asterisk-users] AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

Asterisk Project Security Advisory - AST-2011-011 ++ | Product | Asterisk |

[asterisk-users] AST-2011-012: Remote crash vulnerability in SIP channel driver

Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash

[asterisk-users] AST-2012-001: SRTP Video Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-001 ++ | Product| Asterisk|

[asterisk-users] AST-2012-003: Stack Buffer Overflow in HTTP Manager

Asterisk Project Security Advisory - AST-2012-003 Product Asterisk Summary Stack Buffer Overflow in HTTP Manager Nature of Advisory Exploitable Stack Buffer Overflow

[asterisk-users] AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

Asterisk Project Security Advisory - AST-2012-002 ProductAsterisk SummaryRemote Crash Vulnerability in Milliwatt Application Nature of Advisory Exploitable Stack Buffer Overflow with locally

[asterisk-users] AST-2012-004: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-004 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

[asterisk-users] AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow

[asterisk-users] AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

Asterisk Project Security Advisory - AST-2012-006 Product Asterisk Summary Remote Crash Vulnerability in SIP Channel Driver Nature of Advisory Remote Crash

[asterisk-users] AST-2012-007: Remote crash vulnerability in IAX2 channel driver.

Asterisk Project Security Advisory - AST-2012-007 ProductAsterisk SummaryRemote crash vulnerability in IAX2 channel driver. Nature of Advisory Remote crash

[asterisk-users] AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-008 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service

[asterisk-users] AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability

Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service

[asterisk-users] AST-2012-012: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2012-012 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

[asterisk-users] AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users

Asterisk Project Security Advisory - AST-2012-013 ProductAsterisk SummaryACL rules ignored when placing outbound calls by certain IAX2 users

[asterisk-users] AST-2012-014: Crashes due to large stack allocations when using TCP

Asterisk Project Security Advisory - AST-2012-014 ProductAsterisk SummaryCrashes due to large stack allocations when using TCP

[asterisk-users] AST-2012-015: Denial of Service Through Exploitation of Device State Caching

Asterisk Project Security Advisory - AST-2012-015 ProductAsterisk SummaryDenial of Service Through Exploitation of Device State Caching

[asterisk-users] AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header

Asterisk Project Security Advisory - AST-2013-001 Product Asterisk Summary Buffer Overflow Exploit Through SIP SDP Header Nature of Advisory Exploitable Stack Buffer Overflow

[asterisk-users] AST-2013-002: Denial of Service in HTTP server

Asterisk Project Security Advisory - AST-2013-002 Product Asterisk Summary Denial of Service in HTTP server Nature of Advisory Denial of Service

[asterisk-users] AST-2013-003: Username disclosure in SIP channel driver

Asterisk Project Security Advisory - AST-2013-003 Product Asterisk Summary Username disclosure in SIP channel driver Nature of Advisory Unauthorized data disclosure

[asterisk-users] AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP

Asterisk Project Security Advisory - AST-2013-004 Product Asterisk Summary Remote Crash From Late Arriving SIP ACK With SDP Nature of Advisory Remote Crash

[asterisk-users] AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request

Asterisk Project Security Advisory - AST-2013-005 ProductAsterisk SummaryRemote Crash when Invalid SDP is sent in SIP Request Nature of Advisory Remote Crash

[asterisk-users] AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message

Asterisk Project Security Advisory - AST-2013-006 ProductAsterisk SummaryBuffer Overflow when receiving odd length 16 bit SMS message

[asterisk-users] AST-2013-007: Asterisk Manager User Dialplan Permission Escalation

Asterisk Project Security Advisory - AST-2013-007 ProductAsterisk SummaryAsterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation

[asterisk-users] AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers

Asterisk Project Security Advisory - AST-2014-002 ProductAsterisk SummaryDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers

[asterisk-users] AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.

Asterisk Project Security Advisory - AST-2014-001 ProductAsterisk SummaryStack Overflow in HTTP Processing of Cookie Headers. Nature of Advisory Denial Of Service

[asterisk-users] AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-003 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service

[asterisk-users] AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

Asterisk Project Security Advisory - AST-2014-004 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

[asterisk-users] AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

Asterisk Project Security Advisory - AST-2014-005 ProductAsterisk SummaryRemote Crash in PJSIP Channel Driver's Publish/Subscribe Framework

[asterisk-users] AST-2014-006: Asterisk Manager User Unauthorized Shell Access

Asterisk Project Security Advisory - AST-2014-006 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation

[asterisk-users] AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions

Asterisk Project Security Advisory - AST-2014-008 ProductAsterisk SummaryDenial of Service in PJSIP Channel Driver Subscriptions

[asterisk-users] AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections

Asterisk Project Security Advisory - AST-2014-007 Product Asterisk Summary Exhaustion of Allowed Concurrent HTTP Connections Nature of Advisory Denial Of Service

[asterisk-users] AST-2014-009: Remote crash based on malformed SIP subscription requests

Asterisk Project Security Advisory - AST-2014-009 ProductAsterisk SummaryRemote crash based on malformed SIP subscription requests

[asterisk-users] AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations

Asterisk Project Security Advisory - AST-2014-010 ProductAsterisk SummaryRemote crash when handling out of call message in certain dialplan configurations

[asterisk-users] AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability

Asterisk Project Security Advisory - AST-2014-011 ProductAsterisk SummaryAsterisk Susceptibility to POODLE Vulnerability Nature of Advisory Unauthorized Data Disclosure

[asterisk-users] AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.

Asterisk Project Security Advisory - AST-2014-012 ProductAsterisk SummaryMixed IP address families in access control lists may permit unwanted traffic.

[asterisk-users] AST-2014-014: High call load may result in hung channels in ConfBridge.

Asterisk Project Security Advisory - AST-2014-014 ProductAsterisk SummaryHigh call load may result in hung channels in ConfBridge.

[asterisk-users] AST-2014-013: PJSIP ACLs are not loaded on startup

Asterisk Project Security Advisory - AST-2014-013 ProductAsterisk SummaryPJSIP ACLs are not loaded on startup Nature of Advisory Unauthorized Access

[asterisk-users] AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-015 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service

[asterisk-users] AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-016 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service

[asterisk-users] AST-2014-017: font size=3 style=font-size: 12ptPermission escalation through ConfBridge actions/dialplan functions/font

Asterisk Project Security Advisory - AST-2014-017 ProductAsterisk SummaryPermission escalation through ConfBridge actions/dialplan functions

[asterisk-users] AST-2014-018: AMI permission escalation through DB dialplan function

Asterisk Project Security Advisory - AST-2014-018 ProductAsterisk SummaryAMI permission escalation through DB dialplan function

[asterisk-users] AST-2014-019: Remote Crash Vulnerability in WebSocket Server

Asterisk Project Security Advisory - AST-2014-019 ProductAsterisk SummaryRemote Crash Vulnerability in WebSocket Server Nature of Advisory Denial of Service

[asterisk-users] AST-2015-001: File descriptor leak when incompatible codecs are offered

Asterisk Project Security Advisory - AST-2015-001 ProductAsterisk SummaryFile descriptor leak when incompatible codecs are offered

[asterisk-users] AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

Asterisk Project Security Advisory - AST-2015-002 ProductAsterisk SummaryMitigation for libcURL HTTP request injection vulnerability

[asterisk-users] AST-2015-003: TLS Certificate Common name NULL byte exploit

Asterisk Project Security Advisory - AST-2015-003 ProductAsterisk SummaryTLS Certificate Common name NULL byte exploit Nature of Advisory Man in the Middle Attack

[asterisk-users] AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

Asterisk Project Security Advisory - AST-2016-003 ProductAsterisk SummaryRemote crash vulnerability when receiving UDPTL FAX data.

[asterisk-users] AST-2016-001: BEAST vulnerability in HTTP server

Asterisk Project Security Advisory - AST-2016-001 ProductAsterisk SummaryBEAST vulnerability in HTTP server Nature of Advisory Unauthorized data disclosure due to

[asterisk-users] AST-2016-002: File descriptor exhaustion in chan_sip

Asterisk Project Security Advisory - AST-2016-002 ProductAsterisk SummaryFile descriptor exhaustion in chan_sip Nature of Advisory Denial of Service

[asterisk-users] AST-2016-005: TCP denial of service in PJProject

Asterisk Project Security Advisory - AST-2016-005 ProductAsterisk SummaryTCP denial of service in PJProject Nature of Advisory Crash/Denial of Service

[asterisk-users] AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk

Asterisk Project Security Advisory - AST-2016-004 ProductAsterisk SummaryLong Contact URIs in REGISTER requests can crash Asterisk

[asterisk-users] AST-2016-007: RTP Resource Exhaustion

Asterisk Project Security Advisory - AST-2016-007 ProductAsterisk SummaryRTP Resource Exhaustion Nature of Advisory Denial of Service

[asterisk-users] AST-2016-006: Crash on ACK from unknown endpoint

Asterisk Project Security Advisory - AST-2016-006 ProductAsterisk SummaryCrash on ACK from unknown endpoint Nature of Advisory Remote Crash

[asterisk-users] AST-2016-007: UPDATE

On September 8, the Asterisk development team released the AST-2016-007 security advisory. The security advisory involved an RTP resource exhaustion that could be targeted due to a flaw in the "allowoverlap" option of chan_sip. Due to new information presented to us by Walter Doekes, we have made

[asterisk-users] AST-2016-008: Crash on SDP offer or answer from endpoint using Opus

Asterisk Project Security Advisory - AST-2016-008 ProductAsterisk SummaryCrash on SDP offer or answer from endpoint using Opus

[asterisk-users] AST-2016-009:

Asterisk Project Security Advisory - ASTERISK-2016-009 ProductAsterisk Summary Nature of Advisory Authentication Bypass SusceptibilityRemote unauthenticated

[asterisk-users] AST-2017-001: Buffer overflow in CDR's set user

Asterisk Project Security Advisory - AST-2017-001 ProductAsterisk SummaryBuffer overflow in CDR's set user Nature of Advisory Buffer Overflow

[asterisk-users] AST-2017-002: Buffer Overrun in PJSIP transaction layer

Asterisk Project Security Advisory - AST-2017-002 ProductAsterisk SummaryBuffer Overrun in PJSIP transaction layer Nature of Advisory Buffer Overrun/Crash

[asterisk-users] AST-2017-003: Crash in PJSIP multi-part body parser

Asterisk Project Security Advisory - AST-2017-003 ProductAsterisk SummaryCrash in PJSIP multi-part body parser Nature of Advisory Remote Crash

[asterisk-users] AST-2017-004: Memory exhaustion on short SCCP packets

Asterisk Project Security Advisory - AST-2017-004 Product Asterisk Summary Memory exhaustion on short SCCP packets Nature of Advisory Denial of Service

[asterisk-users] AST-2017-008: RTP/RTCP information leak

Asterisk Project Security Advisory - AST-2017-008 ProductAsterisk SummaryRTP/RTCP information leak Nature of Advisory Unauthorized data disclosure

[asterisk-users] AST-2017-007: Remote Crash Vulerability in res_pjsip

Asterisk Project Security Advisory - AST-2017-007 ProductAsterisk SummaryRemote Crash Vulerability in res_pjsip Nature of Advisory Denial of Service

[asterisk-users] AST-2017-005: Media takeover in RTP stack

Asterisk Project Security Advisory - AST-2017-005 ProductAsterisk SummaryMedia takeover in RTP stack Nature of Advisory Unauthorized data disclosure

[asterisk-users] AST-2017-006: Shell access command injection in app_minivm

Asterisk Project Security Advisory - AST-2017-006 ProductAsterisk SummaryShell access command injection in app_minivm Nature of Advisory Unauthorized command execution

[asterisk-users] AST-2017-012: Remote Crash Vulnerability in RTCP Stack

Asterisk Project Security Advisory - AST-2017-012 Product Asterisk Summary Remote Crash Vulnerability in RTCP Stack Nature of Advisory Denial of Service

[asterisk-users] AST-2017-011: Memory leak in pjsip session resource

Asterisk Project Security Advisory - AST-2017-011 ProductAsterisk SummaryMemory leak in pjsip session resource Nature of Advisory Memory leak

[asterisk-users] AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk

Asterisk Project Security Advisory - AST-2017-009 ProductAsterisk SummaryBuffer overflow in pjproject header parsing can cause crash in Asterisk

[asterisk-users] AST-2017-010: Buffer overflow in CDR's set user

Asterisk Project Security Advisory - AST-2017-010 ProductAsterisk SummaryBuffer overflow in CDR's set user Nature of Advisory Buffer Overflow

[asterisk-users] :

The Asterisk Development Team has announced security releases for Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available security releases are released as versions 13.13-cert8, 13.18.3, 14.7.3 and 15.1.3. These releases are available for immediate download at

  1   2   >