Page 3 of 22 results (0.003 seconds)

CVSS: 7.5EPSS: 69%CPEs: 15EXPL: 1

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 14.7.2 y anteriores y 15.1.2 y anteriores y en Certified Asterisk 13.13-cert7 y anteriores. Si el controlador de canal chan_skinny (también conocido como protocolo SCCP) se inunda a base de determinadas peticiones, puede provocar que el proceso de asterisk utilice cantidades excesivas de memoria virtual, finalmente provocando que asterisk deje de procesar cualquier tipo de peticiones. • https://www.exploit-db.com/exploits/43992 http://downloads.digium.com/pub/security/AST-2017-013.html http://www.securityfocus.com/bid/102023 http://www.securitytracker.com/id/1039948 https://issues.asterisk.org/jira/browse/ASTERISK-27452 https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html https://www.debian.org/security/2017/dsa-4076 • CWE-459: Incomplete Cleanup •

CVSS: 7.5EPSS: 0%CPEs: 189EXPL: 0

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. En Asterisk enversiones 11.x anteriores a la 11.25.3, versiones 13.x anteriores a la 13.17.2 y versiones 14.x anteriores a la 14.6.2; y en Certified Asterisk en versiones 11.x anteriores a la 11.6-cert18 y versiones 13.x anteriores a la 13.13-cert6, una validación insuficiente de paquetes RTCP podría permitir la lectura de contenidos obsoletos del búfer y, cuando se combina con las opciones "nat" y "symmetric_rtp", permite las redirecciones en las que Asterisk envía el siguiente informe RTCP. • http://downloads.asterisk.org/pub/security/AST-2017-008.html http://www.debian.org/security/2017/dsa-3990 https://issues.asterisk.org/jira/browse/ASTERISK-27274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 2%CPEs: 189EXPL: 0

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. • http://downloads.asterisk.org/pub/security/AST-2017-005.html http://www.debian.org/security/2017/dsa-3964 http://www.securitytracker.com/id/1039251 https://bugs.debian.org/873907 https://issues.asterisk.org/jira/browse/ASTERISK-27013 https://rtpbleed.com https://security.gentoo.org/glsa/201710-29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 96%CPEs: 189EXPL: 0

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. En Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es ejecutar comandos sin autorización. • http://downloads.asterisk.org/pub/security/AST-2017-006.html http://www.debian.org/security/2017/dsa-3964 http://www.securitytracker.com/id/1039252 https://bugs.debian.org/873908 https://issues.asterisk.org/jira/browse/ASTERISK-27103 https://security.gentoo.org/glsa/201710-29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 50EXPL: 0

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versión 13.13 y anteriores a 13.13-cert4, y otros productos, permite a los atacantes remotos causar una denegación de servicio (desbordamiento de búfer y bloqueo de aplicación) por medio de un paquete SIP con un encabezado CSeq especialmente diseñado junto con un encabezado Via que carece de un parámetro branch. • http://downloads.asterisk.org/pub/security/AST-2017-002.txt http://www.debian.org/security/2017/dsa-3933 http://www.securityfocus.com/bid/98572 http://www.securitytracker.com/id/1038529 https://bugs.debian.org/863901 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •