search for: gauci

...possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute (Reported by Sandro Gauci) * ASTERISK-27582 - Segmentation fault occurs in Asterisk with an invalid SDP media format description (Reported by Sandro Gauci) * ASTERISK-27618 - Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (Reported by Sandro Gau...

...ity bugs fixed in this release: ----------------------------------- * ASTERISK-27658 - WebSocket frames with 0 sized payload causes DoS (Reported by Sean Bright) * ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute (Reported by Sandro Gauci) * ASTERISK-27582 - Segmentation fault occurs in Asterisk with an invalid SDP media format description (Reported by Sandro Gauci) * ASTERISK-27618 - Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (Reported by Sandro Gau...

Hi, Got some great news a few days ago from Sandro Gauci (@SandroGauci) and we'll be talking about this with him this Friday at 1PM. SIPVicious, the free security tools for SIP scanning, now include a new tool: svcrash. It is aimed at helping system administrators stop bandwidth consuming scans making use of svwar and svcrack. Here is the announceme...

...possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute (Reported by Sandro Gauci) * ASTERISK-27582 - Segmentation fault occurs in Asterisk with an invalid SDP media format description (Reported by Sandro Gauci) * ASTERISK-27618 - Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (Reported by Sandro Gau...

...and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-29057 - pjsip: Crash on call rejection during high load (Reported by Sandro Gauci) Improvements made in this release: ----------------------------------- * ASTERISK-29056 - Increase reg_server column size for ps_contacts table realtime (Reported by sungtae kim) * ASTERISK-29055 - Create a Bridge with video_single mode (Reported by sungtae kim) Bugs fi...

Hi all, Today's jam-packed sessions include the security theme for the first hour or so, then a debate about hosted vs local VoIP services. Hour one guests are Sjur Usken, telecom consultant who has been working with VoIP since 2002 and helping companies migrate to an all IP world and Sandro Gauci, a security researcher and consultant based in, author of VoIP security tools SIPVicious, VOIPPACK and VOIPSCANNER.com. They'll be talking about a number of realistic VoIP attacks and what's being exploited by fraudsters for profit. Hour two we expect Mike Oeth, Junction Networks CEO to jo...

...t'll be next week) I can tell you that there are how-to talks on IPv6 (a double-session!) by the developers of the code (Viagenie), VoIP encryption techniques by the developer of some of the code (Terry Wilson), and a practical session on SIP security by the author of SIPVicious (Sandro Gauci.) If you've talked with me about giving a session, but not actually put it into the then it's not on the consideration list. I know that there are quite a few of you who are enthusiastic about giving a session but haven't quite gained the momentum to fill out the form - now...

...Sessions Severity Critical Exploits Known No Reported On 12 April, 2017 Reported By Sandro Gauci Posted On Last Updated On April 13, 2017 Advisory Contact Mark Michelson <mark DOT michelson AT digium DOT com>...

...Sessions Severity Critical Exploits Known No Reported On 13 April, 2017 Reported By Sandro Gauci Posted On Last Updated On April 13, 2017 Advisory Contact Mark Michelson <mark DOT michelson AT digium DOT com>...

...Sessions Severity Critical Exploits Known No Reported On April 13, 2017 Reported By Sandro Gauci Posted On Last Updated On April 13, 2017 Advisory Contact George Joseph <gjoseph AT digium DOT com> CVE Name Description A remote memory exhaust...

...ssions Severity Minor Exploits Known No Reported On January 15, 2018 Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 19, 2018 Advisory Contact Kevin Harwell <kharwell AT diguim DOT com> CVE N...

...ssions Severity Minor Exploits Known No Reported On January 15, 2018 Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 19, 2018 Advisory Contact Kevin Harwell <kharwell AT diguim DOT com> CVE N...

...Sessions Severity Major Exploits Known No Reported On January 30, 2018 Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 21, 2018 Advisory Contact Joshua Colp <jcolp AT digium DOT com> CVE Na...

...ssions Severity Moderate Exploits Known No Reported On January 24, 2018 Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 21, 2018 Advisory Contact gjoseph AT digium DOT com CVE Name...

...and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-29057 - pjsip: Crash on call rejection during high load (Reported by Sandro Gauci) Improvements made in this release: ----------------------------------- * ASTERISK-29055 - Create a Bridge with video_single mode (Reported by sungtae kim) * ASTERISK-29056 - Increase reg_server column size for ps_contacts table realtime (Reported by sungtae kim) Bugs fi...

...ssions Severity Moderate Exploits Known No Reported On August 31, 2020 Reported By Sandro Gauci Posted On November 5, 2020 Last Updated On November 4, 2020 Advisory Contact kharwell AT sangoma DOT com CVE Name...

...and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-29057 - pjsip: Crash on call rejection during high load (Reported by Sandro Gauci) New Features made in this release: ----------------------------------- * ASTERISK-29027 - Implement support for History-Info (Reported by Torrey Searle) Bugs fixed in this release: ----------------------------------- * ASTERISK-28933 - res_pjsip.so fails to load when bundled...

...and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-29057 - pjsip: Crash on call rejection during high load (Reported by Sandro Gauci) New Features made in this release: ----------------------------------- * ASTERISK-29027 - Implement support for History-Info (Reported by Torrey Searle) Bugs fixed in this release: ----------------------------------- * ASTERISK-28933 - res_pjsip.so fails to load when bundled...

...s possible when using ACL with PJSIP (Reported by John) * ASTERISK-27658 - WebSocket frames with 0 sized payload causes DoS (Reported by Sean Bright) * ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute (Reported by Sandro Gauci) * ASTERISK-27582 - Segmentation fault occurs in Asterisk with an invalid SDP media format description (Reported by Sandro Gauci) * ASTERISK-27618 - Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (Reported by Sandro Gau...

...able (Reported by Stefan Engstr??m) * ASTERISK-26964 - res_pjsip_session: Wrong From on reinvite when request and To URI differ (Reported by Yasin CANER) * ASTERISK-26938 - Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP (Reported by Sandro Gauci) * ASTERISK-26939 - Out of bound memory access in PJSIP multipart parser crashes Asterisk (Reported by Sandro Gauci) * ASTERISK-26940 - Asterisk Skinny memory exhaustion vulnerability leads to DoS (Reported by Sandro Gauci) * ASTERISK-26789 - Audit manipulation of c...