Grandstream 1.0.3.30 BETA Firmware

If you are using Grandstream GXP 21XXX and 14XX phones and you are doing
any kind of remote firmware updates or config updates, DO NOT use the
1.0.3.30 BETA version. We have found a bug in it that causes HTTP updates
to not work if you are using a domain name and not an IP address for
pulling configs and firmware. It can put you in a state where you can't
update the configs or firmware without direct web or telnet contact to the
phone.

Thanks, Bryant

Asterisk Users 3.2 years ago 0 Answer

Problem with blank/empty voicemails

Hi,

I hope for a hint on this issue. I had a voicemail running on ast release 1.6.2 latest, which I upgraded to 1.8.11 latest release. During this process I did add a couple of fields like minsecs and maxsecs. I do now get empty emails where the attached voicefile only contains the voice header; the message length written in the email is ok. If I go to the voicemailbox during the recording then I can see the files grow to the filesize I would expect, looks like everything is ok until then.…

Asterisk Users 3.2 years ago 0 Answer

Remote Crash Vulnerability in SIP Channel Driver

Asterisk Project Security Advisory - AST-2012-006

Product: Asterisk
Summary: Remote Crash Vulnerability in SIP Channel Driver
Nature of Advisory: Remote Crash
Susceptibility: Remote Authenticated Sessions
Severity: Moderate
Exploits Known: No
Reported On: April 16, 2012
Reported By: Thomas Arimont
Posted On: April 23, 2012
Last Updated On: April 23, 2012
Advisory Contact: Matt Jordan < mjordan AT digium DOT com >
CVE Name:
Description: A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of…

Asterisk Users 3.2 years ago 0 Answer

Heap Buffer Overflow in Skinny Channel Driver

In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun. The length of the buffer is now checked before appending a value to the end of the buffer.

Affected Versions:

  Product               Release Series
  Asterisk Open Source  1.6.2.x         All Versions
  Asterisk Open Source  1.8.x           All Versions
  Asterisk Open Source  10.x            All Versions

Corrected In Product Release:
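
The unchecked append described in the Skinny advisory above, next to a bounded version, as an added example that is not part of the original post and is not Asterisk's own code. The names `digit_queue`, `dq_append_unchecked`, `dq_append_checked` and `feed_events`, and the 8-byte capacity, are hypothetical.

```c
/* Added illustration with hypothetical names; not Asterisk's chan_skinny code. */
#include <stdio.h>
#include <stdlib.h>

struct digit_queue {
    char  *buf;  /* heap buffer of collected DTMF digits, NUL-terminated */
    size_t cap;  /* allocated bytes, terminator included */
    size_t len;  /* digits stored so far */
};

static int dq_init(struct digit_queue *q, size_t cap) {
    q->buf = calloc(cap, 1);
    q->cap = q->buf ? cap : 0;
    q->len = 0;
    return q->buf ? 0 : -1;
}

/* The pattern the advisory describes: no length check. Contrast only, never called. */
void dq_append_unchecked(struct digit_queue *q, char digit) {
    q->buf[q->len++] = digit;   /* runs past buf once len reaches cap */
}

/* Corrected pattern: confirm room for the digit and the terminator first. */
static int dq_append_checked(struct digit_queue *q, char digit) {
    if (q->cap < 2 || q->len >= q->cap - 1)
        return -1;              /* full: refuse the digit */
    q->buf[q->len++] = digit;
    q->buf[q->len] = '\0';
    return 0;
}

/* Push n keypad events through the checked path; returns the number refused. */
static size_t feed_events(struct digit_queue *q, const char *digits, size_t n) {
    size_t refused = 0;
    for (size_t i = 0; i < n; i++)
        refused += (dq_append_checked(q, digits[i]) != 0);
    return refused;
}

int main(void) {
    struct digit_queue q;
    if (dq_init(&q, 8) != 0)
        return 1;
    /* constructed input: 12 keypad events sent to an 8-byte buffer */
    printf("refused=%zu stored=%s\n", feed_events(&q, "123456789012", 12), q.buf);
    free(q.buf);
    return 0;
}
```

A nonzero return from `feed_events` is also a useful signal to log, since a legitimate phone rarely sends more digits than the buffer holds.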