Total Amount Of Asterisk Installations


Counting any Open Source package is difficult for many reasons. There is probably not a reliable answer to this question since there are at least 4 major “flavors” of Asterisk out there (1.4, 1.6, 1.8, 1.10) and open and commercial source. It is reliably > 10,000 and quite possibly over 100,000 or even over 1 million. The Asterisk folks might be willing to tell you how many downloads have been done from http://www.asterisk.org, but that wouldn’t tell you the real number. Maybe a good starting point for an estimate would be 200,000+ if you are including all of the versions and types. But then we might still think…

General 3 years ago 0 Answer

AST-2012-011: Remote Crash Vulnerability In Voice Mail Application


If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice, causing a crash. Management of the memory in question has been reworked so that double frees and out of bounds array access do not occur. Upgrade to the latest release.

Affected Versions (Product, Release Series: Versions)

  • Asterisk Open Source, 1.8.x: 1.8.11 and newer
  • Asterisk Open Source, 10.x: 10.3 and newer
  • Certified Asterisk, 1.8.11-certx: All versions
  • Asterisk Digiumphones, 10.x.x-digiumphones: All versions

Corrected In (Product: Release)

  • Asterisk Open Source: 1.8.13.1, 10.5.2
  • Certified Asterisk: 1.8.11-cert4
  • Asterisk Digiumphones: 10.5.2-digiumphones

VoIP News 3 years ago 0 Answer

AST-2012-010: Possible Resource Leak On Uncompleted Re-invite Transactions


Asterisk Project Security Advisory - AST-2012-010

Product: Asterisk
Summary: Possible resource leak on uncompleted re-invite transactions
Nature of Advisory: Denial of Service
Susceptibility: Remote authenticated sessions
Severity: Minor
Exploits Known: No
Reported On: June 13, 2012
Reported By: Steve Davies
Posted On: July 5, 2012
Last Updated On: July 5, 2012
Advisory Contact: Terry Wilson
CVE Name: TBD

Description: If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for…

Asterisk Users 3 years ago 0 Answer

Open Source Realtime Dinner in Barcelona - June 13th


Hello! I will be running an Asterisk SIP Masterclass - the last one - in Barcelona in June. During this week, I will organize a dinner for everyone working with or interested in Asterisk, Kamailio and other Open Source platforms for realtime communication. It's June 13th somewhere in Barcelona - location will be announced later. You pay your own dinner (unless we can find sponsors) and enjoy the geeky company for free! To join the event, use this Facebook event: https://www.facebook.com/events/307548349321608/ See you in Barcelona! /O

Asterisk Users 3.2 years ago 0 Answer

Heap Buffer Overflow in Skinny Channel Driver


In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun. The length of the buffer is now checked before appending a value to the end of the buffer.

Affected Versions (Product, Release Series: Versions):

  • Asterisk Open Source, 1.6.2.x: All Versions
  • Asterisk Open Source, 1.8.x: All Versions
  • Asterisk Open Source, 10.x: All Versions
Corrected In Product Release: