CVE-2017-16672
https://notcve.org/view.php?id=CVE-2017-16672
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. Se descubrió un problema en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. • http://downloads.digium.com/pub/security/AST-2017-011.html http://www.securityfocus.com/bid/101765 https://issues.asterisk.org/jira/browse/ASTERISK-27345 https://security.gentoo.org/glsa/201811-11 https://www.debian.org/security/2017/dsa-4076 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-16671
https://notcve.org/view.php?id=CVE-2017-16671
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. Una vulnerabilidad de desbordamiento de búfer se descubrió en Asterisk Open Source en versiones 13 anteriores a la 13.18.1, versiones 14 anteriores a la 14.7.1 y versiones 15 antes de la 15.1.1 y en Certified Asterisk 13.13 en versiones anteriores a la 13.13-cert7. • http://downloads.digium.com/pub/security/AST-2017-010.html http://www.securityfocus.com/bid/101760 https://issues.asterisk.org/jira/browse/ASTERISK-27337 https://security.gentoo.org/glsa/201811-11 https://www.debian.org/security/2017/dsa-4076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-14603
https://notcve.org/view.php?id=CVE-2017-14603
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. En Asterisk enversiones 11.x anteriores a la 11.25.3, versiones 13.x anteriores a la 13.17.2 y versiones 14.x anteriores a la 14.6.2; y en Certified Asterisk en versiones 11.x anteriores a la 11.6-cert18 y versiones 13.x anteriores a la 13.13-cert6, una validación insuficiente de paquetes RTCP podría permitir la lectura de contenidos obsoletos del búfer y, cuando se combina con las opciones "nat" y "symmetric_rtp", permite las redirecciones en las que Asterisk envía el siguiente informe RTCP. • http://downloads.asterisk.org/pub/security/AST-2017-008.html http://www.debian.org/security/2017/dsa-3990 https://issues.asterisk.org/jira/browse/ASTERISK-27274 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-14099
https://notcve.org/view.php?id=CVE-2017-14099
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. • http://downloads.asterisk.org/pub/security/AST-2017-005.html http://www.debian.org/security/2017/dsa-3964 http://www.securitytracker.com/id/1039251 https://bugs.debian.org/873907 https://issues.asterisk.org/jira/browse/ASTERISK-27013 https://rtpbleed.com https://security.gentoo.org/glsa/201710-29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-14100
https://notcve.org/view.php?id=CVE-2017-14100
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. En Asterisk 11.x en versiones anteriores a la 11.25.2, 13.x en versiones anteriores a la 13.17.1, y 14.x en versiones anteriores a la 14.6.1 y Certified Asterisk 11.x en versiones anteriores a la 11.6-cert17 y 13.x en versiones anteriores a la 13.13-cert5, es ejecutar comandos sin autorización. • http://downloads.asterisk.org/pub/security/AST-2017-006.html http://www.debian.org/security/2017/dsa-3964 http://www.securitytracker.com/id/1039252 https://bugs.debian.org/873908 https://issues.asterisk.org/jira/browse/ASTERISK-27103 https://security.gentoo.org/glsa/201710-29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •