Computer Security


Asterisk multiple security vulnerabilities
Published: 13.06.2014
Source:
SecurityVulns ID: 13817
Type: remote
Threat Level: 7/10
Description: DoS, restrictions bypass, code execution.
Affected: ASTERISK : Asterisk 12.3
CVE: CVE-2014-4048 (The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.)
 CVE-2014-4047 (Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.)
 CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.)
 CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.)
Original document: ASTERISK, AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions (13.06.2014)
 ASTERISK, AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections (13.06.2014)
 ASTERISK, AST-2014-006: Asterisk Manager User Unauthorized Shell Access (13.06.2014)
 ASTERISK, AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework (13.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod