search for: kharwel

...o have the encryption support, what is it actually used for? Maybe it is some old flag which is not needed anymore and so can be ignored for now and possibly removed from the configure/makefile stuff for future releases? Kind regards, Patrick Wakano On Wed, 26 Feb 2020 at 06:33, Kevin Harwell <kharwell at digium.com> wrote: > On Thu, Feb 20, 2020 at 9:38 PM Patrick Wakano <pwakano at gmail.com> wrote: > >> Hello list, >> Hope you are all doing well! >> >> I am facing a problem when compiling Asterisk 16.8.0 in a CentOS 6 box >> and I wonder if someon...

...Reported By John Bigelow <jbigelow AT digium DOT com> Posted On June 12, 2014 Last Updated On June 12, 2014 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name CVE-2014-4045 Description A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made...

...Reported By Gareth Palmer Posted On 20 November, 2014 Last Updated On November 20, 2014 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name Pending Description The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalatio...

...Reported By John Bigelow <jbigelow AT digium DOT com> Posted On June 12, 2014 Last Updated On June 12, 2014 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name CVE-2014-4045 Description A remotely exploitable crash vulnerability exists in the PJSIP channel driver's pub/sub framework. If an attempt is made...

...Reported By Gareth Palmer Posted On 20 November, 2014 Last Updated On November 20, 2014 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name Pending Description The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalatio...

...Reported On March 27, 2017 Reported By Alex Villacis Lasso Posted On Last Updated On April 4, 2017 Advisory Contact kharwell AT digium DOT com CVE Name Description No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user fie...

...Reported On October 15, 2017 Reported By Correy Farrell Posted On Last Updated On October 19, 2017 Advisory Contact kharwell AT digium DOT com CVE Name Description A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the...

...Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 19, 2018 Advisory Contact Kevin Harwell <kharwell AT diguim DOT com> CVE Name Description By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to...

...Reported By Sandro Gauci Posted On February 21, 2018 Last Updated On February 19, 2018 Advisory Contact Kevin Harwell <kharwell AT diguim DOT com> CVE Name Description By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to...

...Reported By Sean Bright Posted On June 11, 2018 Last Updated On June 11, 2018 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name Description When connected to Asterisk via TCP/TLS if the client abruptly disconnects, or sends a specially crafted message then Asterisk gets caught in an infinite loop while trying...

...Reported By Alexei Gradinari Posted On September 05, 2019 Last Updated On September 4, 2019 Advisory Contact kharwell AT sangoma DOT com CVE Name CVE-2019-15297 Description When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined...

...Reported On December 12, 2017 Reported By Ross Beer Posted On Last Updated On December 22, 2017 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name Description A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP...

...Reported By Gareth Palmer Posted On 20 November, 2014 Last Updated On November 20, 2014 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name Pending Description The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege...

...Reported By Gareth Palmer Posted On 20 November, 2014 Last Updated On November 20, 2014 Advisory Contact Kevin Harwell <kharwell AT digium DOT com> CVE Name Pending Description The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege...

...Reported By Sandro Gauci Posted On November 5, 2020 Last Updated On November 4, 2020 Advisory Contact kharwell AT sangoma DOT com CVE Name Description Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a “gap” between the creation of the dia...

Dne 6.8.2015 v 21:00 Sylvain Boily napsal(a): > Hello, > > Le 2015-08-06 09:24, Marek Cervenka a ?crit : >> hi, >> >> there is updated skills based routing patch for asterisk queue >> please test if you have time >> >> https://issues.asterisk.org/jira/browse/ASTERISK-17366?jql=text%20~%20%22skills%22 >> >> > > You can find the latest

In the asterisk wiki instructions for Configuring Asterisk for WebRTC clients... https://wiki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients "To communicate with websocket clients, Asterisk uses its built-in HTTP daemon. Configure /etc/asterisk/http.conf as follows: [general] enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089

Hello list, Hope you are all doing well! I am facing a problem when compiling Asterisk 16.8.0 in a CentOS 6 box and I wonder if someone can put some light on it. Log history short, install_prereq fails to install the packages (not sure how important they actually are....): speexdsp-devel, gmime-devel, uriparser-devel, iksemel-devel, uw-imap-devel, hoard Then, I am running the following commands

On Fri, Mar 6, 2015 at 2:06 PM, Dmitriy Serov <serov.d.p at gmail.com> wrote: > Hello. > > Asterisk 13.2. > I transfer configs from chan_sip to res_pjsip. > In chan_sip i have "match_auth_username=yes" and have nothing in pjsip. > > I have a lot of endpoints and registrations on same SIP server. And it's > problem in pjsip now. Is not it? > > I

On Wed, Jan 22, 2020 at 5:32 PM Phil Mickelson <phil at cbasoftware.com> wrote: > I'm trying to get the Call-ID from the SIP HEADER using getChannelVar. > When I pass SIP_HEADER() and anything as the variable I get Unable to read > provided function. If use Call-ID I get Provided variable was not found. > > This is a connected call. Is it not possible to get SIP HEADER