Displaying 20 results from an estimated 3000 matches similar to: "AST-2020-002: Outbound INVITE loop on challenge with different nonce."
2020 Nov 05
0
Asterisk 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5 Now Available (Security)
The Asterisk Development Team would like to announce security releases for
Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases
are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
2020 Nov 05
0
AST-2020-001: Remote crash in res_pjsip_session
Asterisk Project Security Advisory - AST-2020-001
Product Asterisk
Summary Remote crash in res_pjsip_session
Nature of Advisory Denial of service
Susceptibility Remote authenticated sessions
Severity
2019 Nov 21
0
AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
Asterisk Project Security Advisory -
Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions
Severity Minor
2019 Nov 21
0
AST-2019-006: SIP request can change address of a SIP peer.
Asterisk Project Security Advisory - AST-2019-006
Product Asterisk
Summary SIP request can change address of a SIP peer.
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor
2014 Mar 10
0
AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-002
Product Asterisk
Summary Denial of Service Through File Descriptor Exhaustion
with chan_sip Session-Timers
Nature of Advisory Denial of Service
Susceptibility Remote
2014 Mar 10
0
AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-002
Product Asterisk
Summary Denial of Service Through File Descriptor Exhaustion
with chan_sip Session-Timers
Nature of Advisory Denial of Service
Susceptibility Remote
2019 Nov 21
0
AST-2019-007: AMI user could execute system commands.
Asterisk Project Security Advisory - AST-2019-007
Product Asterisk
Summary AMI user could execute system commands.
Nature of Advisory Remote Code Execution
Susceptibility Remote Authenticated Sessions
Severity Minor
2018 Feb 21
0
AST-2018-006: WebSocket frames with 0 sized payload causes DoS
Asterisk Project Security Advisory - AST-2018-006
Product Asterisk
Summary WebSocket frames with 0 sized payload causes DoS
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
2016 Apr 14
0
AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk
Asterisk Project Security Advisory - AST-2016-004
Product Asterisk
Summary Long Contact URIs in REGISTER requests can crash
Asterisk
Nature of Advisory Remote Crash
Susceptibility Remote
2014 Mar 10
0
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
Asterisk Project Security Advisory - AST-2014-001
Product Asterisk
Summary Stack Overflow in HTTP Processing of Cookie Headers.
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
2014 Mar 10
0
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
Asterisk Project Security Advisory - AST-2014-001
Product Asterisk
Summary Stack Overflow in HTTP Processing of Cookie Headers.
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
2017 Aug 31
0
AST-2017-006: Shell access command injection in app_minivm
Asterisk Project Security Advisory - AST-2017-006
Product Asterisk
Summary Shell access command injection in app_minivm
Nature of Advisory Unauthorized command execution
Susceptibility Remote Authenticated Sessions
Severity Moderate
2020 May 11
1
Asterisk versions?
Thanks for that info, Ben. I do like to test out the latest and most
up-to-date versions of things when I can, so I'll check those files
and see how it goes.
On 2020-05-11 17:20,
Ben Ford <bford at digium.com> put forth the proposition:
> Hey Dave,
>
> In the case of 13 and 16, these are LTS versions which means that they get
> long term service. 17 is a standard release.
2015 Apr 08
0
AST-2015-003: TLS Certificate Common name NULL byte exploit
Asterisk Project Security Advisory - AST-2015-003
Product Asterisk
Summary TLS Certificate Common name NULL byte exploit
Nature of Advisory Man in the Middle Attack
Susceptibility Remote Authenticated Sessions
Severity Major
2015 Apr 08
0
AST-2015-003: TLS Certificate Common name NULL byte exploit
Asterisk Project Security Advisory - AST-2015-003
Product Asterisk
Summary TLS Certificate Common name NULL byte exploit
Nature of Advisory Man in the Middle Attack
Susceptibility Remote Authenticated Sessions
Severity Major
2016 Apr 14
0
AST-2016-005: TCP denial of service in PJProject
Asterisk Project Security Advisory - AST-2016-005
Product Asterisk
Summary TCP denial of service in PJProject
Nature of Advisory Crash/Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical
2017 Aug 31
0
AST-2017-005: Media takeover in RTP stack
Asterisk Project Security Advisory - AST-2017-005
Product Asterisk
Summary Media takeover in RTP stack
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Critical
2023 Jul 07
0
Asterisk Release certified-18.9-cert5
The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert5.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert5
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
The following security advisories were resolved in this release:
2023 Jul 07
0
Asterisk Release certified-18.9-cert5
The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert5.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert5
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
The following security advisories were resolved in this release:
2015 Mar 15
0
Asterisk 13.1.0/PJSIP outbound calling using SIP trunk: Unable to create request with auth.No auth credentials for any realms in challenge.
George,
I have the detailed log below. (Resending after trimming the email to 40KB.)
The sequence below just repeats ad-nauseam. Is this a SIP trunk issue?
Thanks!
---------------------
Transmitting SIP request (885 bytes) to UDP:65.254.44.194:5060 --->
INVITE sip:12025551212 at 65.254.44.194:5060 SIP/2.0
Via: SIP/2.0/UDP 18.18.19.123:5060