Page 5 of 38 results (0.029 seconds)

CVSS: 5.0EPSS: 11%CPEs: 224EXPL: 0

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6 0.4 no restringen el número de sesiones no autenticadas a ciertas interfaces, que permite a atacantes remotos provocar una denegación de servicio (agotamiento de descriptor de archivo y el agotamiento de espacio en disco) a través de una serie de conexiones TCP. • http://downloads.digium.com/pub/security/AST-2011-005.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html http://secunia.com/advisories/44197 http://secunia.com/advisories/44529 http://securitytracker.com/id?1025432 http://www.debian.org/security/2011/dsa-2225 http://www.vupen.com/english/advisories/2011/1086 http://www.vupen.com/english/advisories/2011/1107 http://www& • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 15%CPEs: 94EXPL: 0

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API. tcptls.c en el servidor TCP/TLS en Asterisk Open Source v1.6.1.x anterior a v1.6.1.23, v1.6.2.x anterior a v1.6.2.17.1, y v1.8.x anterior a v1.8.3.1 permite a atacantes remotos causar una denegación de servicio (desreferencia a un puntero NUL) mediante el establecimiento de muchas sesiones TCP cortas a los servicios que utilizan una cierta API de TLS. • http://downloads.asterisk.org/pub/security/AST-2011-004.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html http://openwall.com/lists/oss-security/2011/03/17/5 http://openwall.com/lists/oss-security/2011/03/21/12 http://securitytracker.com/id?1025224 http://www.debian.org/security/2011/dsa-22 •

CVSS: 5.0EPSS: 9%CPEs: 97EXPL: 0

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data. manager.c en Asterisk Open Source v1.6.1.x anterior a v1.6.1.24, v1.6.2.x anterior a v1.6.2.17.2, y v1.8.x anterior a v1.8.3.2 permite a atacantes remotos generar una denegación de servicio (agotamiento de memoria y CPU) mediante una conjunto de sesiones que comprenden datos no válidos. • http://downloads.asterisk.org/pub/security/AST-2011-003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html http://openwall.com/lists/oss-security/2011/03/17/5 http://openwall.com/lists/oss-security/2011/03/21/12 http://securitytracker.com/id?1025223 http://www.debian.org/security/2011/dsa-22 • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 93%CPEs: 203EXPL: 0

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. Múltiples desbordamientos de búfer en las funciones (1) decode_open_type y (2) udptl_rx_packet en main/udptl.c en Asterisk Open Source v1.4.x anterior a v1.4.39.2, v1.6.1.x antes de v1.6.1.22, v1.6.2.x antes de v1.6.2.16.2, y v1.8 antes de v1.8.2.4; Business Edition vC.x.x antes de vC.3.6.3; AsteriskNOW v1.5; y s800i (Asterisk Appliance), cuando el soporte T.38 está activo, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un paquete UDPTL manipulado • http://downloads.asterisk.org/pub/security/AST-2011-002.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html http://secunia.com/advisories/43429 http://secunia.com/advisories/43702 http://www.debian.org/security/2011/dsa-2225 http://www.openwall.com/lists/oss-security/2011/03/11/2 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.0EPSS: 3%CPEs: 15EXPL: 0

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. Desbordamiento de búfer basado en pila en la función ast_uri_encode, en main/utils.c, en Asterisk Open Source before v.1.4.38.1, v.1.4.39.1, v.1.6.1.21, v.1.6.2.15.1, v.1.6.2.16.1, v.1.8.1.2, v.1.8.2.; y Business Edition before v.C.3.6.2; cuando se ejecuta en modo "pedantic" permite a usuarios autenticados ejectuar código de su elección manipulados con el dato llamador ID en vectores que involucran el (1) el driver del SIP, (2) la función URIENCODE dialplan, o la función AGI dialplan. • http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff http://downloads.asterisk.org/pub/security/AST-2011-001.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html http://osvdb.org/70518 http://secunia.com/advisories/42935 http://secunia.com/advisories/43119 http://secunia.com/advisories/43373 http://www.debian.org/security/2011/dsa-2171 http://www&# • CWE-787: Out-of-bounds Write •