Displaying 20 results from an estimated 20000 matches similar to: "Asterisk 1.2.9.1 and 1.0.11.1 Released -- Security Fix"
2006 Jun 06
0
Asterisk 1.2.9.1 and 1.0.11.1 Released -- Security Fix
The Asterisk Development Team today re-released Asterisk 1.2.9.1 and
Asterisk 1.0.11.1 to address a security vulnerability in the IAX2
channel driver (chan_iax2). The vulnerability affects all users with
IAX2 clients that might be compromised or used by a malicious user, and
can lead to denial of service attacks and random Asterisk server crashes
via a relatively trivial exploit. These re-releases
2006 Jun 05
1
Asterisk 1.2.9 and 1.0.11 Released -- Security Fix
The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk
1.0.11 to address a security vulnerability in the IAX2 channel driver
(chan_iax2). The vulnerability affects all users with IAX2 clients that
might be compromised or used by a malicious user, and can lead to denial
of service attacks and random Asterisk server crashes via a relatively
trivial exploit.
All users are urged to
2006 Jun 05
0
Asterisk 1.2.9 and 1.0.11 Released -- Security Fix
The Asterisk Development Team today released Asterisk 1.2.9 and Asterisk
1.0.11 to address a security vulnerability in the IAX2 channel driver
(chan_iax2). The vulnerability affects all users with IAX2 clients that
might be compromised or used by a malicious user, and can lead to denial
of service attacks and random Asterisk server crashes via a relatively
trivial exploit.
All users are urged to
2007 Jul 17
0
ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver
Asterisk Project Security Advisory - ASA-2007-015
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Remote Crash Vulnerability in IAX2 channel driver |
2007 Jul 17
0
ASA-2007-015: Remote Crash Vulnerability in IAX2 channel driver
Asterisk Project Security Advisory - ASA-2007-015
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Remote Crash Vulnerability in IAX2 channel driver |
2006 Oct 18
0
Asterisk 1.2.13 released - Security Vulnerability Fix
The Asterisk Development team has released an update to Asterisk 1.2,
Asterisk 1.2.13.
This release contains a fix for a security vulnerability recently found
in the chan_skinny channel driver (for Cisco SCCP phones). This
vulnerability would enable an attacker to remotely execute code as the
system user running Asterisk (frequently 'root'). The exploit does not
require that the
2006 Oct 18
0
Asterisk 1.2.13 released - Security Vulnerability Fix
The Asterisk Development team has released an update to Asterisk 1.2,
Asterisk 1.2.13.
This release contains a fix for a security vulnerability recently found
in the chan_skinny channel driver (for Cisco SCCP phones). This
vulnerability would enable an attacker to remotely execute code as the
system user running Asterisk (frequently 'root'). The exploit does not
require that the
2009 Sep 04
0
[Fwd: AST-2009-006: IAX2 Call Number Resource Exhaustion]
Hello,
Just in case someone hasn't upgraded yet, and is using IAX2.
-------- Original Message --------
Subject: AST-2009-006: IAX2 Call Number Resource Exhaustion
Date: Thu, 03 Sep 2009 17:47:35 -0500
From: Asterisk Security Team <security at asterisk.org>
To: bugtraq at securityfocus.com
Asterisk Project Security Advisory - AST-2009-006
1998 May 19
7
Bind Overrun Bug and Linux
[mod: Just to show you that people DO get bitten after a bugwarning has
gone out on linux-security..... -- REW]
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: text/plain; charset=us-ascii
Has anyone been hit with the Bind Inverse Query Buffer Overrun on
their Linux servers? We have had 3 servers attacked using this
expoit and all of the machines had several binaries replaced with
trojan
2008 Jul 22
0
AST-2008-010: Asterisk IAX 'POKE' resource exhaustion
Asterisk Project Security Advisory - AST-2008-010
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | Asterisk IAX 'POKE' resource exhaustion |
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013
>
> +----------------------------------------------------------------------------------+
> | Product | Asterisk |
> |----------------------+-----------------------------------------------------------|
> | Summary | IAX2
2007 May 04
1
ASA-2007-013: IAX2 users can cause unauthorized data disclosure
> Asterisk Project Security Advisory - ASA-2007-013
>
> +----------------------------------------------------------------------------------+
> | Product | Asterisk |
> |----------------------+-----------------------------------------------------------|
> | Summary | IAX2
2007 Jul 17
0
ASA-2007-014: Stack buffer overflow in IAX2 channel driver
Asterisk Project Security Advisory - ASA-2007-014
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | Stack buffer overflow in IAX2 channel driver |
2007 Jul 17
0
ASA-2007-014: Stack buffer overflow in IAX2 channel driver
Asterisk Project Security Advisory - ASA-2007-014
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | Stack buffer overflow in IAX2 channel driver |
2004 Feb 18
2
is this mbuf problem real?
BM_207650
MEDIUM
Vulnerability
Version: 1 2/18/2004@03:47:29 GMT
Initial report
<https://ialert.idefense.com/KODetails.jhtml?irId=207650>
ID#207650:
FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
(iDEFENSE Exclusive): Remote exploitation of a denial of service (DoS)
vulnerability in FreeBSD's memory buffers (mbufs) could allow attackers
to launch a DoS attack.
2004 Aug 06
3
(Fwd) [SA11578] Icecast Basic Authorization Denial of Service
For those who haven't yet received this warning yet.
Anybody from the core can tell about the background and possible
fixes?
<p>Regards,
Stefan
------- Forwarded message follows -------
Date sent: Wed, 12 May 2004 13:50:17 +0200
To: secunia_security_advisories@stefan-neufeind.de
Subject: [SA11578] Icecast Basic Authorization Denial of Service Vulnerability
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers,
we are sending notifications for three vulnerabilities,
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
Please find them below
---
Aki Tuomi
Open-Xchange Oy
------------------
Open-Xchange Security Advisory 2020-05-18
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version:
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers,
we are sending notifications for three vulnerabilities,
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
Please find them below
---
Aki Tuomi
Open-Xchange Oy
------------------
Open-Xchange Security Advisory 2020-05-18
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version:
1998 Dec 22
0
CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
The following advisory was issued by CERT yesterday. Because it affects
FreeBSD systems as well, we are forwarding it to the appropriate FreeBSD
mailing lists. We would like to thanks CERT for cooperation with the
FreeBSD security officer on this subject.
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-98-13-tcp-denial-of-service
Original Issue Date: December 21, 1998
Last Revised
2008 Feb 06
2
What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service
TITLE:
KAME Project "ipcomp6_input()" Denial of Service
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
DESCRIPTION:
A vulnerability has been reported in the KAME Project, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the
"ipcomp6_input()" function in