Information Security


Multiple security vulnerabilities in Asterisk
Published: March 13, 2014
Source:
SecurityVulns ID: 13599
Type: remote
Severity level: 6/10
Description: Buffer overflow, DoS.
Affected products: ASTERISK : Asterisk 12.0
CVE:CVE-2014-2289 (res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.)
 CVE-2014-2288 (The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.)
 CVE-2014-2287 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.)
 CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.)
Original text: ASTERISK, AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling (13.03.2014)
 ASTERISK, AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver (13.03.2014)
 ASTERISK, AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers (13.03.2014)
 ASTERISK, AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers. (13.03.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod