similar to: AST-2009-007: ACL not respected on SIP INVITE

Asterisk Project Security Advisory - AST-2009-008 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SIP responses expose valid usernames |

Asterisk Project Security Advisory - AST-2010-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Invalid parsing of ACL rules can compromise | | | security

Asterisk Project Security Advisory - AST-2010-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Invalid parsing of ACL rules can compromise | | | security

Asterisk Project Security Advisory - AST-2008-012 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote crash vulnerability in IAX2 |

Asterisk Project Security Advisory - AST-2008-012 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote crash vulnerability in IAX2 |

Asterisk Project Security Advisory - AST-2007-022 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Buffer overflows in voicemail when using IMAP | | |

Asterisk Project Security Advisory - AST-2007-022 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Buffer overflows in voicemail when using IMAP | | |

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdr_addon_mysql |

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdr_addon_mysql |

Asterisk Project Security Advisory - AST-2008-007 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Asterisk installations using cryptographic keys | | | generated

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |

Hello, Just in case someone hasn't upgraded yet, and is using IAX2. -------- Original Message -------- Subject: AST-2009-006: IAX2 Call Number Resource Exhaustion Date: Thu, 03 Sep 2009 17:47:35 -0500 From: Asterisk Security Team <security at asterisk.org> To: bugtraq at securityfocus.com Asterisk Project Security Advisory - AST-2009-006

Asterisk Project Security Advisory - AST-2008-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Unauthenticated calls allowed from SIP channel | | | driver

Asterisk Project Security Advisory - AST-2008-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Unauthenticated calls allowed from SIP channel | | | driver

Asterisk Project Security Advisory - AST-2007-020 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Resource Exhaustion vulnerability in SIP channel | | | driver

Asterisk Project Security Advisory - AST-2007-020 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Resource Exhaustion vulnerability in SIP channel | | | driver

Asterisk Project Security Advisory - AST-2008-010 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Asterisk IAX 'POKE' resource exhaustion |

Asterisk Project Security Advisory - AST-2008-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Traffic amplification in IAX2 firmware | | |

Asterisk Project Security Advisory - AST-2008-005 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | HTTP Manager ID is predictable |