similar to: AST-2007-025 - SQL Injection issue in res_config_pgsql

Asterisk Project Security Advisory - AST-2007-025 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in res_config_pgsql |

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdr_pgsql |

Asterisk Project Security Advisory - AST-2007-026 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SQL Injection issue in cdr_pgsql |

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdr_addon_mysql |

Asterisk Project Security Advisory - AST-2007-023 +------------------------------------------------------------------------+ | Product | Asterisk-Addons | |--------------------+---------------------------------------------------| | Summary | SQL Injection Vulnerability in cdr_addon_mysql |

Asterisk Project Security Advisory - AST-2008-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Traffic amplification in IAX2 firmware | | |

Asterisk Project Security Advisory - AST-2008-010 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Asterisk IAX 'POKE' resource exhaustion |

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |

Asterisk Project Security Advisory - AST-2009-005 +------------------------------------------------------------------------+ | Product | Asterisk | |---------------------+--------------------------------------------------| | Summary | Remote Crash Vulnerability in SIP channel driver |

Asterisk Project Security Advisory - AST-2008-005 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | HTTP Manager ID is predictable |

Asterisk Project Security Advisory - AST-2008-005 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | HTTP Manager ID is predictable |

Hello, How do I use multiple postgresql databases using res_config_pgsql? I tried creating multiple contexts in res_pgsql.conf, but asterisk is only using the 'general' context. My res_pgsq.conf is [general] ;; Connect to mydb on localhost dbport=5432 dbname=mydb dbuser=pgdbuser requirements=warn [pgwritedb] ;; Connect to mydb2 on another host dbhost=<IP

Asterisk Project Security Advisory - AST-2008-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Unauthenticated calls allowed from SIP channel | | | driver

Asterisk Project Security Advisory - AST-2008-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Unauthenticated calls allowed from SIP channel | | | driver

Asterisk Project Security Advisory - AST-2009-008 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | SIP responses expose valid usernames |

Asterisk Project Security Advisory - AST-2007-020 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Resource Exhaustion vulnerability in SIP channel | | | driver

Asterisk Project Security Advisory - AST-2007-020 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Resource Exhaustion vulnerability in SIP channel | | | driver

The Asterisk.org development team has released Asterisk versions 1.4.15 and 1.2.25. These releases contain two fixes for security issues. http://downloads.digium.com/pub/asa/AST-2007-025.pdf * This is a SQL injection vulnerability in the res_config_pgsql module. Default installations of Asterisk are not affected. However, any system using the Postgres Realtime Engine may be remotely

The Asterisk.org development team has released Asterisk versions 1.4.15 and 1.2.25. These releases contain two fixes for security issues. http://downloads.digium.com/pub/asa/AST-2007-025.pdf * This is a SQL injection vulnerability in the res_config_pgsql module. Default installations of Asterisk are not affected. However, any system using the Postgres Realtime Engine may be remotely

Hello, Just in case someone hasn't upgraded yet, and is using IAX2. -------- Original Message -------- Subject: AST-2009-006: IAX2 Call Number Resource Exhaustion Date: Thu, 03 Sep 2009 17:47:35 -0500 From: Asterisk Security Team <security at asterisk.org> To: bugtraq at securityfocus.com Asterisk Project Security Advisory - AST-2009-006