exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Russell Bryant

Email addressrussell at digium.com
First Active2007-07-18
Last Active2009-09-04
Asterisk Project Security Advisory - AST-2009-006
Posted Sep 4, 2009
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 protocol uses a call number to associate messages with the call that they belong to. However, the protocol defines the call number field in messages as a fixed size 15 bit field. So, if all call numbers are in use, no additional sessions can be handled. A call number gets created at the start of an IAX2 message exchange. So, an attacker can send a large number of messages and consume the call number space. The attack is also possible using spoofed source IP addresses as no handshake is required before a call number is assigned.

tags | advisory, spoof, protocol
advisories | CVE-2009-2346
SHA-256 | b9b863efb0b85644076d3c974b98ce74f39e463464e8e6c41b443200a78dd088
AST-2007-022.txt
Posted Oct 11, 2007
Authored by Russell Bryant, Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Multiple buffer overflows were discovered due to the use of sprintf in Asterisk's IMAP-specific voicemail code.

tags | advisory, overflow, imap
SHA-256 | 5e6beed403d366c145b69ef187cb6e89c970ef02a7ab577a2744fdfb90213dcc
AST-2007-020.txt
Posted Aug 22, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - Asterisk suffers from a resource exhaustion vulnerability in the SIP channel driver.

tags | advisory
advisories | CVE-2007-4455
SHA-256 | 9f1bbe7d514f8f84edf352d9addf36a922ec1472cdf8c0f4f013f1fc70f7480f
ASA-2007-018.txt
Posted Jul 31, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The IAX2 channel driver in Asterisk is vulnerable to a denial of service attack when configured to allow unauthenticated calls.

tags | advisory, denial of service
SHA-256 | a0b5106b8836479565cb2062ecc245c6c9ec7e134d97b1a2dc470e13cb1d6bc4
ASA-2007-015.txt
Posted Jul 18, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable crash vulnerability. A NULL pointer exception can occur when Asterisk receives a LAGRQ or LAGRP frame that is part of a valid session and includes information elements. The session used to exploit this issue does not have to be authenticated. It can simply be a NEW packet sent with an invalid username. The code that parses the incoming frame correctly parses the information elements of IAX frames. It then sets a pointer to NULL to indicate that there is not a raw data payload associated with this frame. However, it does not set the variable that indicates the number of bytes in the raw payload back to zero. Since the raw data length is non-zero, the code handling LAGRQ and LAGRP frames tries to copy data from a NULL pointer, causing a crash.

tags | advisory
advisories | CVE-2007-3763
SHA-256 | 82005035f0af5942ecb9961ae6e9407bfeadba79e2de888767b6b9905cdf838f
ASA-2007-014.txt
Posted Jul 18, 2007
Authored by Russell Bryant | Site asterisk.org

Asterisk Project Security Advisory - The Asterisk IAX2 channel driver, chan_iax2, has a remotely exploitable stack buffer overflow vulnerability. It occurs when chan_iax2 is passed a voice or video frame with a data payload larger than 4 kB. This is exploitable by sending a very large RTP frame to an active RTP port number used by Asterisk when the other end of the call is an IAX2 channel. Exploiting this issue can cause a crash or allow arbitrary code execution on a remote machine.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2007-3762
SHA-256 | e4dc71a2fe12119c9e203636d801c336673cd5417bd25d738fda712d34d52222
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close