Showing 1 - 5 of 5

Files from Terry Wilson

Asterisk Project Security Advisory - AST-2012-010: Posted Jul 6, 2012; Authored by Terry Wilson, Steve Davies | Site asterisk.org; Asterisk Project Security Advisory - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports.; tags | advisory, denial of service; SHA-256 | 7393ac1f7dc8c09c81891ad81cc71a05d76badd9fadaf47998c0f0251965ab45; Download | Favorite | View

Asterisk Project Security Advisory - AST-2011-013: Posted Dec 9, 2011; Authored by Terry Wilson | Site asterisk.org; Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.; tags | advisory; SHA-256 | dde4d639d451106635a87c7b3b2c41c2b6129d36252423186294aad787478c61; Download | Favorite | View

Asterisk Project Security Advisory - AST-2011-014: Posted Dec 9, 2011; Authored by Terry Wilson | Site asterisk.org; Asterisk Project Security Advisory - Asterisk suffers from a denial of service vulnerability. When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.; tags | advisory, denial of service; SHA-256 | 764385423a3949867f23f34eab90bf1bd82d2c863303fda2cdc21b2469443b1c; Download | Favorite | View

Asterisk Project Security Advisory - AST-2011-012: Posted Oct 17, 2011; Authored by Terry Wilson | Site asterisk.org; Asterisk Project Security Advisory - The SIP channel driver allows a remote authenticated user that ability to cause a crash with a malformed request due to an uninitialized variable.; tags | advisory, remote; advisories | CVE-2011-4063; SHA-256 | b509eac1a7bd80f502154119179b97cc5f8a658de84afa82695934841ff6a9f2; Download | Favorite | View

Asterisk Project Security Advisory - AST-2011-011: Posted Jun 29, 2011; Authored by Terry Wilson | Site asterisk.org; Asterisk Project Security Advisory - Asterisk may respond differently to SIP requests from an invalid SIP user than it does to a user configured on the system, even when the alwaysauthreject option is set in the configuration. This can leak information about what SIP users are valid on the Asterisk system.; tags | advisory; advisories | CVE-2011-2536; SHA-256 | 5b60a5f0651dd793f221422ae84407ad379322998ba39d3b47a0a855e825710d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days