Remote crash possibility with SIP and the “automon” feature enabled

Report
Question

Asterisk Project Security Advisory - AST-2011-014

Summary:      Remote crash possibility with SIP and the "automon" Description:  When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash. Resolution:    Applying the referenced patches that check that the pointer is not NULL before accessing it will resolve the issue. The "automon" feature can be disabled in features.conf as a workaround. Patches Download URL Revision http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20 http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff 1.8.7.1 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document…

VoIP News 3.8 years ago 0 Answers

Discover the Asterisk-based innovation in ClarityLogic – Digium Innovation Award Winner

Report
Question

Congratulations to Clarity, a division of Plantronics, for being recognized as the Digium Innovation Award winner. The Digium Innovation Award is designed to recognize developers, customers and partners for outstanding achievements that are improving business processes, overcoming technology challenges and enhancing the company’s bottom line. Based in Chattanooga, Tenn., Clarity is the leading supplier of amplified telephones, notification systems, assistive listening devices and other communications devices for millions with hearing loss. With Asterisk-based technology, the company created ClarityLogic, a first-of-its-kind service that enables customer representatives to remotely retrieve and adjust settings, quickly resolving customer issues. This is critically important for…

VoIP News 3.8 years ago 0 Answers

Digium Releases Octal-Span Digital Card

Report
Question

Connecting Traditional Telephony Services with Asterisk Communications Systems

TE820 Offers Highest Single-Card Port Density Available for use with Asterisk

Digium®, Inc., the Asterisk® Company, today announced the availability of the TE820 Octal-Span digital card. This new high-density solution compliments Digium's existing broad suite of telephony card offerings designed specifically for Asterisk-based communications systems. The TE820 enables Asterisk integrators and OEMs to build large scale telephony deployments that are both high performance and cost-effective. Asterisk is the most widely used open source software for creating business phone systems and other communications applications. The combination of Digium hardware and Asterisk software…

VoIP News 3.9 years ago 0 Answers

Asterisk 10.0.0-rc1 Now Available

Report
Question

The Asterisk Development Team is pleased to announce the first release candidate of Asterisk 10.0.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ All Asterisk users are encouraged to participate in the Asterisk 10 testing process. Please report any issues found to the issue tracker, https://issues.asterisk.org/jira. It is also very useful to see successful test reports. Please post those to the asterisk-dev mailing list. All Asterisk users are invited to participate in the #asterisk-testing channel on IRC to work together in testing the many parts of Asterisk. Asterisk 10 is the next major release series of…

VoIP News 3.9 years ago 0 Answers

Certified Digium Training Partner Modulis.ca Announces the Launch of Asterisk VoIP Training and dCAP Certification in Canada

Report
Question

"Modulis.ca, a Canadian leader in Asterisk based VoIP telephony solutions and installations is launching the Asterisk Advanced Training program in Canada starting in January 2012. Targeted at VoIP professionals and IT managers in corporations and governments, attendees will gain a thorough understanding of Asterisk and what it can do for their organization including how to install, configure, tune, and maintain a complete Asterisk PBX system. In addition they will be entitled to take the Digium Certified Asterisk Professional (dCAP) certification exam, allowing them to bring a new skill set to their career or organization." Read More:

VoIP News 3.9 years ago 0 Answers

Samsung Takes the Lead In the Smartphone Market

Report
Question

"Samsung shipped 27.8 million smartphones in the last quarter, taking 23.8 percent of the market, Milton Keynes, U.K.- based Strategy Analytics said in an e-mailed statement today. Apple’s 17.1 million shipments, comprising 14.6 percent of the market, pushed the Cupertino, California-based company to second place. Nokia Oyj (NOK1V) maintained its third position, it said. Apple, which released its iPhone 4S this month, held the top spot for only one quarter after dislodging Espoo, Finland- based Nokia earlier this year. Samsung, based in Suwon, South Korea, has turned to Google Inc. (GOOG)’s Android…

VoIP News 3.9 years ago 0 Answers

DAHDI-Linux 2.5.0.2 and DAHDI-Tools 2.5.0.2 Released

Report
Question

The Asterisk Development Team is pleased to announce the release of DAHDI-Linux 2.5.0.2 and DAHDI-Tools 2.5.0.2. 2.5.0.2 is a bug fix release. It is recommended that current users of v2.5 to upgrade. DAHDI-Linux 2.5.0.2, DAHDI-Tools 2.5.0.2, and DAHDI-Linux-Complete 2.5.0.1+2.5.0.1 are available for immediate download at: http://downloads.asterisk.org/pub/telephony/dahdi-linux http://downloads.asterisk.org/pub/telephony/dahdi-tools http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete Issues closed by this release: DAHLIN-257: wcb4xxp shows hardware EC in /proc/dahdi/* for B410P although vpmsupport=0 DAHLIN-260: wctdm24xxp/base.c fails to compile in 2.6.16 kernel The DAHDI-Linux short log from v2.5.0.1 is: Shaun Ruffell (8): dahdi: Decrease the initial coretimer delay to 4ms from 1 second. wctdm24xxp, wcte12xp: Advertise VPMOCT032…

VoIP News 3.9 years ago 0 Answers

Asterisk 1.8.7.1 Now Available (Security Release)

Report
Question

The Asterisk Development Team has announced a security release for Asterisk 1.8 The available security release is released as version 1.8.7.1 This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which can lead to a remotely exploitable crash: Remote Crash Vulnerability in SIP channel driver (AST-2011-012) The issue and resolution is described in the AST-2011-012 security advisory. For more information about the details of this vulnerability, please read the security advisory AST-2011-012, which was released at the same time as this announcement. For a full list of…

VoIP News 3.9 years ago 0 Answers

Remote crash vulnerability in SIP channel driver

Report
Question

Product              Asterisk
Summary              Remote crash vulnerability in SIP channel driver
Nature of Advisory   Remote crash
Susceptibility       Remote authenticated sessions
Severity             Critical
Exploits Known       No
Reported On          October 4, 2011
Reported By          Ehsan Foroughi
Posted On            October 17, 2011
Last Updated On      October 17, 2011
Advisory Contact     Terry Wilson <twilson@digium.com>
CVE Name             CVE-2011-4063
Description A remote authenticated user can cause a crash with a malformed request due to an unitialized variable. Resolution Ensure variables are initialized in all cases when parsing the request. Affected Versions Product Release Series Asterisk Open Source 1.8.x All versions Asterisk Open Source 10.x All versions…

VoIP News 3.9 years ago 0 Answers

Mobile App for Digium's Unified Communications Solution Honored with Enterprise App Award from UBM Channel's CRN

Report
Question

"Digium®, Inc., the Asterisk® Company, today announced that it has received a 2011 Enterprise App Award from CRN for mobile applications that extend its Switchvox unified communications (UC) solution. Also known as “The Appys,” CRN's inaugural Enterprise App Awards were presented to the top mobile apps for business, recognizing outstanding achievement in driving enterprise IT into the palms of the market. Digium was one of only three companies to be honored out of more than 50 nominees. Digium's mobile applications integrate with the company's Switchvox Voice over IP (VoIP) unified communications solutions to bring advanced functionality to small and mid-size…

VoIP News 4 years ago 0 Answers