Page 6 of 42 results (0.010 seconds)

CVSS: 5.0EPSS: 95%CPEs: 36EXPL: 1

The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. El gestor de dispositivo de canal IAX2 (chan_iax2) en Asterisk versiones anteriores a 1.2.22 y 1.4.x versiones anteriores a 1.4.8, Business Edition versiones anteriores a B.2.2.1, AsteriskNOW versiones anteriores a beta7, Appliance Developer Kit versiones anteriores a 0.5.0, y s800i versiones anteriores a 1.0.2 permite a atacantes remotos provocar una denegación de servicio (caída) mediante tramas (1) LAGRQ ó (2) LAGRP que contienen elementos de información de tramas IAX, que resulta en una referencia a puntero NULL cuando Asterisk no asigna apropiadamente una variable asociado. • https://www.exploit-db.com/exploits/4249 http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-015.pdf http://secunia.com/advisories/26099 http://secunia.com/advisories/29051 http://security.gentoo.org/glsa/glsa-200802-11.xml http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://www •

CVSS: 9.3EPSS: 18%CPEs: 36EXPL: 0

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Desbordamiento de búfer basado en pila en el controlador de canal IAX2 (chan_iax2) de Asterisk anterior a 1.2.22 y 1.4.x anterior a 1.4.8, Business Edition anterior a B.2.2.1, AsteriskNOW anterior a beta7, Appliance Developer Kit anterior a 0.5.0, y s800i anterior a 1.0.2 permite a atacantes remotos ejecutar código de su elección enviando una trama RTP larga de (1) voz o (2) vídeo. • http://bugs.gentoo.org/show_bug.cgi?id=185713 http://ftp.digium.com/pub/asa/ASA-2007-014.pdf http://secunia.com/advisories/26099 http://secunia.com/advisories/29051 http://security.gentoo.org/glsa/glsa-200802-11.xml http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_15_sr.html http://www.securityfocus.com/bid/24949 http://www.securitytracker.com/id?1018407 http://www.vupen.com/english/advisories/2007/2563 https:&# •

CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 0

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. El controlador del canal IAX2 (chan_iax2) en Asterisk anterior a 20070504 no anula correctamente los datos terminales, lo cual permite a atacantes remotos disparar la pérdida de datos transmitidos, y posiblemente obtener información sensible (contenido de memoria) o provocar denegación de servicio (caida de aplicación), enviando un marco que carece 0 bytes. • http://ftp.digium.com/pub/asa/ASA-2007-013.pdf http://osvdb.org/35769 http://secunia.com/advisories/25134 http://secunia.com/advisories/25582 http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.securityfocus.com/bid/23824 http://www.vupen.com/english/advisories/2007/1661 https://exchange.xforce.ibmcloud.com/vulnerabilities/34085 •

CVSS: 7.8EPSS: 16%CPEs: 13EXPL: 0

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). El SIP channel driver (chan_sip) del Asterisk anterior al 1.2.18 y el 1.4.x anterior al 1.4.3 no analiza sintácticamente de forma correcta los paquetes SIP UDP que no contienen un código de respuesta válido, lo que permite a atacantes remotos provocar una denegación de servicio (caída). • http://bugs.digium.com/view.php?id=9313 http://secunia.com/advisories/25582 http://securityreason.com/securityalert/2644 http://www.asterisk.org/files/ASA-2007-011.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.securityfocus.com/archive/1/466882/100/0/threaded http://www.securityfocus.com/bid/24359 http://www.securitytracker.com/id?1017954 https://exchange.xforce.ibmcloud.com/vulnerabilities/3 •

CVSS: 7.8EPSS: 16%CPEs: 18EXPL: 0

The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. El Manager Interface en Asterisk anterior a 1.2.18 y 1.4.x anterior a 1.4.3 permite a atacantes remotos provocar denegación de servicio (caida) utilizando validación MD5 para validar a un usuario que no tiene definida una contraseña en manager.conf, dando como resultado un puntero no referencia NULL. • http://secunia.com/advisories/24977 http://secunia.com/advisories/25582 http://securityreason.com/securityalert/2646 http://www.asterisk.org/files/ASA-2007-012.pdf http://www.debian.org/security/2007/dsa-1358 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.osvdb.org/35369 http://www.securityfocus.com/archive/1/466911/100/0/threaded http://www.securityfocus.com/bid/23649 http://www.securitytracker.com/id?1017955 http://www.vupen.com/ •