Skinny Channel Driver Remote Crash Vulnerability

Report
Question

Asterisk Project Security Advisory - AST-2012-008 Product Asterisk
Summary Skinny Channel Driver Remote Crash Vulnerability
Nature of Advisory Denial of Service
Susceptibility Remote authenticated sessions
Severity Minor
Exploits Known No
Reported On May 22, 2012
Reported By Christoph Hebeisen
Posted On May 29, 2012
Last Updated On May 29, 2012
Advisory Contact Matt Jordan < mjordan AT digium DOT com >
CVE Name CVE-2012-2948 Description As reported by Telus Labs: "A Null-pointer dereference has been identified in the SCCP
(Skinny) channel driver of Asterisk. When an SCCP client

Asterisk Users 3.1 years ago 0 Answer

Remote crash vulnerability in IAX2 channel driver.

Report
Question

Asterisk Project Security Advisory - AST-2012-007 Product Asterisk
Summary Remote crash vulnerability in IAX2 channel driver.
Nature of Advisory Remote crash
Susceptibility Established calls
Severity Moderate
Exploits Known No
Reported On March 21, 2012
Reported By mgrobecker
Posted On May 29, 2012
Last Updated On May 29, 2012
Advisory Contact Richard Mudgett < rmudgett AT digium DOT com >
CVE Name CVE-2012-2947 Description A remotely exploitable crash vulnerability exists in the
IAX2 channel driver if an established call is placed on
hold without a suggested music class.…

Asterisk Users 3.1 years ago 0 Answer

Certified Asterisk 1.8.11-cert2; Asterisk 1.8.12.1, 10.4.1 Now Available (Security Release)

Report
Question

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1. These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
two issues: * A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name,…

Asterisk Users 3.1 years ago 0 Answer

unable to create channel of type 'SIP'

Report
Question

I'm trying to use OpenBTS with Asterisk.
I have two phones that are connecting to OpenBTS correctly, but on the
Asterisk side the phones can't call each other. I followed this guide:
http://gnuradio.org/redmine/projects/gnuradio/wiki/OpenBTSSettingUpAsterisk
I set up two phones in sip.conf and extensions.conf. In my SIP output I see this:
WARNING[1689]: app_dial.c:2041 dial_exec_full: unable to create
channel of type 'SIP' (cause 20 - unknown) If I type sip show registry it says there are 0 SIP registrations.
Should I see both the phones registered at this point?
If that's what's wrong,…

Asterisk Users 3.1 years ago 0 Answer