Skinny Channel Driver Remote Crash Vulnerability


A previously developed patch dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to the problem solved with the previous patch, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and…

VoIP News 3.4 years ago 0 Answers

Remote Crash Vulnerability in SIP Channel Driver


Asterisk Project Security Advisory - AST-2012-006
Product: Asterisk
Summary: Remote Crash Vulnerability in SIP Channel Driver
Nature of Advisory: Remote Crash
Susceptibility: Remote Authenticated Sessions
Severity: Moderate
Exploits Known: No
Reported On: April 16, 2012
Reported By: Thomas Arimont
Posted On: April 23, 2012
Last Updated On: April 23, 2012
Advisory Contact: Matt Jordan <mjordan AT digium DOT com>
CVE Name:
Description: A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of…

Asterisk Users 3.5 years ago 0 Answers

Heap Buffer Overflow in Skinny Channel Driver


In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun. The length of the buffer is now checked before appending a value to the end of the buffer.

Affected Versions:

  Product, Release Series:
  • Asterisk Open Source, 1.6.2.x, All Versions
  • Asterisk Open Source, 1.8.x, All Versions
  • Asterisk Open Source, 10.x, All Versions
Corrected In Product Release:

Driver for TOR3E (Govarion)


Hello List, I have one TOR3-E (E1 version) card from Govarion that I used some years ago, but it seems the company stopped work, since the website is down.
Is there somebody with a good heart that could help me to get a driver for x86 and x86_64 for this card?
Thank you so much, Richard Palmeron

Asterisk Users 3.7 years ago 0 Answers

Problem H323 asterisk


Do you have any network devices or VPN tunnels in between the Asterisk and Avaya? The reason I am asking is that it looks like a potential networking issue. Has this setup ever worked before?
-Vladimir
On 7/27/2011 1:32 PM, troxlinux wrote:
> Hi list, I am connecting one avaya with asterisk by h323 and when I
> call to avaya becomes disconnected, this is my debug
> ippbx*CLI> h323 set debug on
> H.323 Debugging Enabled
> == Using SIP RTP CoS mark 5
> == Using…

Asterisk Users 4.2 years ago 0 Answers

Asterisk unixODBC configuration files for MySQL and MariaDB


1.0 Asterisk + unixODBC

Having almost all of our Asterisk configuration based on our preferred Database Management System is one of the greatest advantages that we have at the moment to deploy a VoIP solution. Now, having the possibility of building an integrated and unified communication solution in a non-intrusive way for the client's company, while at the same time assuring scalability and flexibility, that's a major thing. That's precisely what we have when using Asterisk+unixODBC. unixODBC "allows the user or the system administrator to easily configure an application to use any ODBC compliant data source. This is…

Initial Configuration of Asterisk 4.3 years ago 0 Answers

HANGUP problem


Hi, I noticed that all my faxes negotiated in V17 hang up. Here is my conf:
fax show version
FAX For Asterisk Components:
Applications: 1.8.4-rc2
Digium FAX Driver: 1.8.4_1.3.0 (optimized for i686_32)
Here an example of failed fax:

Asterisk Users 4.6 years ago 0 Answers