Skinny Channel Driver Remote Crash Vulnerability

Report
Question

Asterisk Project Security Advisory - AST-2012-008 Product Asterisk
Summary Skinny Channel Driver Remote Crash Vulnerability
Nature of Advisory Denial of Service
Susceptibility Remote authenticated sessions
Severity Minor
Exploits Known No
Reported On May 22, 2012
Reported By Christoph Hebeisen
Posted On May 29, 2012
Last Updated On May 29, 2012
Advisory Contact Matt Jordan < mjordan AT digium DOT com >
CVE Name CVE-2012-2948 Description As reported by Telus Labs: "A Null-pointer dereference has been identified in the SCCP
(Skinny) channel driver of Asterisk. When an SCCP client

Asterisk Users 3.3 years ago 0 Answers

Remote crash vulnerability in IAX2 channel driver.

Report
Question

Asterisk Project Security Advisory - AST-2012-007 Product Asterisk
Summary Remote crash vulnerability in IAX2 channel driver.
Nature of Advisory Remote crash
Susceptibility Established calls
Severity Moderate
Exploits Known No
Reported On March 21, 2012
Reported By mgrobecker
Posted On May 29, 2012
Last Updated On May 29, 2012
Advisory Contact Richard Mudgett < rmudgett AT digium DOT com >
CVE Name CVE-2012-2947 Description A remotely exploitable crash vulnerability exists in the
IAX2 channel driver if an established call is placed on
hold without a suggested music class.…

Asterisk Users 3.3 years ago 0 Answers

unable to create channel of type 'SIP'

Report
Question

I'm trying to use OpenBTS with Asterisk.
I have two phones that are connecting to OpenBTS correctly, but on the
Asterisk side the phones can't call each other. I followed this guide:
http://gnuradio.org/redmine/projects/gnuradio/wiki/OpenBTSSettingUpAsterisk
I set up two phones in sip.conf and extensions.conf. In my SIP output I see this:
WARNING[1689]: app_dial.c:2041 dial_exec_full: unable to create
channel of type 'SIP' (cause 20 - unknown) If I type sip show registry it says there are 0 SIP registrations.
Should I see both the phones registered at this point?
If that's what's wrong,…

Asterisk Users 3.3 years ago 0 Answers

Certified Asterisk 1.8.11-cert2; Asterisk 1.8.12.1, 10.4.1 Now Available (Security Release)

Report
Question

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1. These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
two issues: * A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name,…

Asterisk Users 3.3 years ago 0 Answers

axfer with simple CDR

Report
Question

hi, i read a lot about CDR problems
this document is the best description of CDRs problem in Asterisk
http://svn.digium.com/svn/asterisk/team/murf/RFCs/CDRfix2.rfc.docx i found but
i cant still answer my question is it possible with simple CDR fully describe axfer? (axfer is asterisk
native, not phone function)
scenario
A - customer
B - secretary
C - consultant1
D - consultant2 A -> B
B axfer C
C axfer D i need to know
time B with C (consultation)
time A with C
time C with…

Asterisk Users 3.3 years ago 3 Answers

IMAP Voicemail

Report
Question

Hello all, I quickly searched online prior to sending this, but if this was previously brought up, I sincerely apologize. I noticed IMAP Voicemail remains as a build option in later versions of Asterisk 1.8 but the only latest version I've found working is 1.8.8.0. Is this an error in the latest source, or will IMAP no longer be supported? Also note, I am using C-Client v2007f. Any insight to this issue is greatly appreciated.
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Asterisk Users 3.3 years ago 3 Answers