Page 16 of 126 results (0.013 seconds)

CVSS: 5.0EPSS: 39%CPEs: 195EXPL: 0

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v1.6.2.18.1, y v1.8.x anteriores a v1.8.4.3, y Asterisk Business Edition vC.3 anteriores a vC.3.7.3, accede a una dirección de memoria contenida en un marco de control de opción, que permite a atacantes remotos causar una denegación de servicio (caída del demonio) o posiblemente tener un impacto no especificado a través de un marco manipulado. • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-010.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://secunia.com/advisories/44973 http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 http://securitytracker.com/id?1025708 http://www.debian.org/security/2011/dsa-2276 http://www.osvdb.org/73309 http://www.secu • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 158EXPL: 0

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. La configuración por defecto del controlador del canal SIP en Asterisk Open Source 1.4.x hasta 1.1.41.2 y 1.6.2.x hasta 1.6.2.18.2 no activa la opción alwaysauthreject, lo que permite a atacantes remotos enumerar los nombres de las cuentas al hacer una serie de peticiones SIP inválidas y observando las diferencias en las respuestas para distintos nombres de usuario, es una vulnerabilidad distinta a CVE-2011-2536. • http://downloads.asterisk.org/pub/security/AST-2011-011.html https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 • CWE-16: Configuration •

CVSS: 5.0EPSS: 6%CPEs: 162EXPL: 0

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.6.x anterior a v1.6.2.18.1 y v1.8.x anteriores a v1.8.4.3 no manejan adecuadamente los caracteres '\0' en los paquetes SIP, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener un impacto no especificado a través de un paquete diseñado. • http://downloads.asterisk.org/pub/security/AST-2011-008.diff http://downloads.asterisk.org/pub/security/AST-2011-008.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 http://securitytracker.com/id?1025706 http://www.debian.org/security/2011/dsa-2276 http://www.osvdb.org/73307 http://www.securityfocus.com/bid/48431 https://exchange.xfo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 7%CPEs: 32EXPL: 0

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character. reqresp_parser.c en el controlador de canal SIP en Asterisk Open Source v1.8.x anteriores a v1.8.4.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero NULL y caída del demonio) a través de un paquete SIP con una cabecera Contact que carece de un carácter < (menos que). • http://downloads.asterisk.org/pub/security/AST-2011-009-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-009.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 http://www.debian.org/security/2011/dsa-2276 •

CVSS: 5.0EPSS: 0%CPEs: 198EXPL: 0

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2, v1.6.2.x anteriores a v1.6.2.18.2, y v1.8.x anteriores a v1.8.4.4, y Asterisk Business Edition vC.3.x anteriores a vC.3.7.3,no tiene en cuenta la opción alwaysauthreject y genera diferentes respuestas no válidas para solicitudes SIP en función de si la cuenta de usuario existe, lo que permite a atacantes remotos enumerar los nombres de cuenta a través de una serie de peticiones. • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •