Author : Asterisk Security

AST-2015-003: TLS Certificate Common Name NULL Byte Exploit

Posted April 8, 2015 by Asterisk Security & filed under Asterisk Users Comments: 0.

Asterisk Project Security Advisory – AST-2015-003 ProductAsterisk SummaryTLS Certificate Common name NULL byte exploit Nature of AdvisoryMan in the Middle AttackSusceptibilityRemote Authenticated Sessions Severity Major Exploits KnownNone Reported O..

Read more

AST-2015-002: Mitigation For LibcURL HTTP Request Injection Vulnerability

Posted January 28, 2015 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: asterisk, Asterisk Project Security Advisory, Mark Michelson

Asterisk Project Security Advisory – AST-2015-002 ProductAsterisk SummaryMitigation for libcURL HTTP request injection vulnerability Nature of AdvisoryHTTP request injectionSusceptibilityRemote Authenticated Sessions Severity Major Exploits KnownNo Repor..

Read more

AST-2015-001: File Descriptor Leak When Incompatible Codecs Are Offered

Posted January 28, 2015 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: asterisk, Asterisk Project Security Advisory, Mark Michelson

Asterisk Project Security Advisory – AST-2015-001 ProductAsterisk SummaryFile descriptor leak when incompatible codecs are offered Nature of AdvisoryResource exhaustion SusceptibilityRemote Authenticated Sessions Severity Major Exploits KnownNo Repor..

Read more

AST-2014-019: Remote Crash Vulnerability In WebSocket Server

Posted December 10, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: asterisk, Asterisk Project Security Advisory, Badalian Vyacheslav, Joshua Colp

Asterisk Project Security Advisory – AST-2014-019 ProductAsterisk SummaryRemote Crash Vulnerability in WebSocket ServerNature of AdvisoryDenial of Service SusceptibilityRemote Unauthenticated Sessions Severity ModerateExploits KnownNo Reported On30 Octo..

Read more

AST-2014-018: AMI Permission Escalation Through DB Dialplan Function

Posted November 20, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: asterisk, Asterisk Project Security Advisory, Gareth Palmer, Kevin Harwell

Asterisk Project Security Advisory – AST-2014-018 ProductAsterisk SummaryAMI permission escalation through DB dialplan functionNature of AdvisoryPermission Escalation SusceptibilityRemote Authenticated Sessions Severity Minor Exploits KnownNo Repor..

Read more

AST-2014-017: Permission Escalation Through ConfBridge Actions/dialplan Functions

Posted November 20, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: asterisk, Asterisk Project Security Advisory, Gareth Palmer, Kevin Harwell

Asterisk Project Security Advisory – AST-2014-017 ProductAsterisk SummaryPermission escalation through ConfBridgeactions/dialplan functionsNature of AdvisoryPermission Escalation SusceptibilityRemote Authenticated Sessions Severity Minor Exploits Know..

Read more

AST-2014-016: Remote Crash Vulnerability In PJSIP Channel Driver

Posted November 20, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: Advisory Denial of Service Susceptibility, asterisk, Asterisk Project Security Advisory, Joshua Colp, PJSIP channel driver, Product Release

Asterisk Project Security Advisory – AST-2014-016 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driverNature of AdvisoryDenial of Service SusceptibilityRemote Unauthenticated Sessions Severity CriticalExploits KnownNo Reported O..

Read more

AST-2014-015: Remote Crash Vulnerability In PJSIP Channel Driver

Posted November 20, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: Advisory Denial of Service Susceptibility, asterisk, Asterisk Project Security Advisory, Joshua Colp, Product Release, sip, Yaron Nahum

Asterisk Project Security Advisory – AST-2014-015 ProductAsterisk SummaryRemote Crash Vulnerability in PJSIP channel driverNature of AdvisoryDenial of Service SusceptibilityRemote Unauthenticated Sessions Severity ModerateExploits KnownNo Reported O..

Read more

AST-2014-014: High Call Load May Result In Hung Channels In ConfBridge.

Posted November 20, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: Advisory Denial of Service Susceptibility, asterisk, Asterisk Project Security Advisory, Joshua Colp, Product Release

Asterisk Project Security Advisory – AST-2014-014 ProductAsterisk SummaryHigh call load may result in hung channels in ConfBridge. Nature of AdvisoryDenial of Service SusceptibilityRemote Unauthenticated Sessions Severity ModerateExploits KnownNo Repor..

Read more

AST-2014-013: PJSIP ACLs Are Not Loaded On Startup

Posted November 20, 2014 by Asterisk Security & filed under Asterisk Users Comments: 0.

Tags: Advisory Unauthorized Access, asterisk, Asterisk Project Security Advisory, Jonathan Rose, Product Release

Asterisk Project Security Advisory – AST-2014-013 ProductAsterisk SummaryPJSIP ACLs are not loaded on startupNature of AdvisoryUnauthorized Access SusceptibilityRemote unauthenticated sessions Severity ModerateExploits KnownNo Reported On28 Octob..

Read more