Posts Tagged Asterisk Security Advisories
Asterisk Security Advisory – AST-2009-005: Remote Crash Vulnerability in SIP channel driver
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories, sip on August 11, 2009
Additionally note that while this can crash Asterisk, execution of arbitrary code is not possible with this vector.
Upgrade Asterisk to one of the releases listed below.
| Product | Asterisk |
| Summary | Remote Crash Vulnerability in SIP channel driver |
| Nature of Advisory | Denial of Service |
| Susceptibility | Remote Unauthenticated Sessions |
| Severity | Critical in 1.6.1; minor in lesser versions |
| Exploits Known | No |
| Reported On | July 28, 2009 |
| Reported By | Nick Baggott < nbaggott AT mudynamics DOT com > |
| Posted On | August 10, 2009 |
| Last Updated On | August 10, 2009 |
| Advisory Contact | Tilghman Lesher < tlesher AT digium DOT com > |
| CVE Name | CVE-2009-2726 |
Asterisk Security Advisory – AST-2009-004
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories on August 3, 2009
Asterisk Project Security Advisory – AST-2009-004
An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.
Users should upgrade to a version listed in the “Corrected In” section below.
| Product | Asterisk |
| Summary | Remote Crash Vulnerability in RTP stack |
| Nature of Advisory | Exploitable Crash |
| Susceptibility | Remote unauthenticated sessions |
| Severity | Critical |
| Exploits Known | No |
| Reported On | July 27, 2009 |
| Reported By | Marcus Hunger <hunger AT sipgate DOT de> |
| Posted On | August 2, 2009 |
| Last Updated On | August 2, 2009 |
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
| CVE Name | |
Asterisk 1.6.0.11-rc2, 1.6.1.2, 1.6.1.3-rc1, and 1.6.2.0-beta4 Release Announcement
Posted by admin in asterisk, Asterisk Security Advisories, Release Candidates, Releases, Security Advisories, t.38 on August 3, 2009
The Asterisk Development Team is pleased to announce the second release candidate of 1.6.0.11, the release of 1.6.1.2, the first release candidate of 1.6.1.3, and the fourth beta of 1.6.2.0. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/.
The release of 1.6.1.2 fixes a remote crash security vulnerability in the RTP stack. The related security advisory AST-2009-004 has been released along with this announcement. Please read that advisory for more information.
The release candidates and betas, in addition to other fixes, contain a major re-work of the T.38 support in Asterisk. If you’ve been having trouble with T.38 in the 1.6 series, you are strongly encouraged to try one of these release candidates to determine if these changes fixed your T.38 issues.
