
CVSS: 9.3 | EPSS: 18% | CPEs: 36 | EXPL: 0

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
• http://bugs.gentoo.org/show_bug.cgi?id=185713
• http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
• http://secunia.com/advisories/26099
• http://secunia.com/advisories/29051
• http://security.gentoo.org/glsa/glsa-200802-11.xml
• http://www.debian.org/security/2007/dsa-1358
• http://www.novell.com/linux/security/advisories/2007_15_sr.html
• http://www.securityfocus.com/bid/24949
• http://www.securitytracker.com/id?1018407
• http://www.vupen.com/english/advisories/2007/2563

CVSS: 10.0 | EPSS: 7% | CPEs: 1 | EXPL: 0

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.
• http://ftp.digium.com/pub/asa/ASA-2007-013.pdf
• http://osvdb.org/35769
• http://secunia.com/advisories/25134
• http://secunia.com/advisories/25582
• http://www.debian.org/security/2007/dsa-1358
• http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
• http://www.securityfocus.com/bid/23824
• http://www.vupen.com/english/advisories/2007/1661
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34085

CVSS: 7.8 | EPSS: 93% | CPEs: 37 | EXPL: 0

The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
• http://bugs.digium.com/view.php?id=9313
• http://secunia.com/advisories/24579
• http://secunia.com/advisories/24719
• http://secunia.com/advisories/25582
• http://security.gentoo.org/glsa/glsa-200704-01.xml
• http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038
• http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
• http://www.asterisk.org/node/48338
• http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
• http://www.sec

CVSS: 7.8 | EPSS: 95% | CPEs: 18 | EXPL: 1

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
• https://www.exploit-db.com/exploits/3407
• http://asterisk.org/node/48319
• http://asterisk.org/node/48320
• http://labs.musecurity.com/advisories/MU-200703-01.txt
• http://secunia.com/advisories/24380
• http://secunia.com/advisories/24578
• http://secunia.com/advisories/25582
• http://security.gentoo.org/glsa/glsa-200703-14.xml
• http://www.debian.org/security/2007/dsa-1358
• http://www.kb.cert.org/vuls/id/228032
• http://www.novell.com/linux/security/advisories/2007_34_asterisk

CVSS: 7.5 | EPSS: 96% | CPEs: 26 | EXPL: 2

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
• https://www.exploit-db.com/exploits/2597
• http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12
• http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13
• http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html
• http://secunia.com/advisories/22480
• http://secunia.com/advisories/22651
• http://secunia.com/advisories/22979
• http://secunia.com/advisories/23212
• http://securitytracker.com/id?1017089
• http://www.asterisk.org/node/109
• http://www.gent