FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c0b13887-be44-11e6-b04f-001999f8d30basterisk -- Authentication Bypass

The Asterisk project reports:

The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.

This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication.

If you do not use a proxy for authentication, then this issue does not affect you.

If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you.

If you use chan_pjsip instead of chan_sip, then this issue does not affect you.


Discovery 2016-11-28
Entry 2016-12-09
asterisk11
< 11.25.1

asterisk13
< 13.13.1

http://downloads.digium.com/pub/security/ASTERISK-2016-009.html
5cb18881-7604-11e6-b362-001999f8d30basterisk -- RTP Resource Exhaustion

The Asterisk project reports:

The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up.

If overlap dialing support is not needed the "allowoverlap" option can be set to no. This will stop any usage of the scenario which causes the resource exhaustion.


Discovery 2016-08-05
Entry 2016-09-08
asterisk11
< 11.23.1

asterisk13
< 13.11.1

http://downloads.asterisk.org/pub/security/AST-2016-007.html
559f3d1b-cb1d-11e5-80a4-001999f8d30basterisk -- Multiple vulnerabilities

The Asterisk project reports:

AST-2016-001 - BEAST vulnerability in HTTP server

AST-2016-002 - File descriptor exhaustion in chan_sip

AST-2016-003 - Remote crash vulnerability when receiving UDPTL FAX data


Discovery 2016-02-03
Entry 2016-02-04
Modified 2016-03-07
asterisk
< 1.8.32.3_5

asterisk11
< 11.21.1

asterisk13
< 13.7.1

http://downloads.asterisk.org/pub/security/AST-2016-001.html
CVE-2011-3389
http://downloads.asterisk.org/pub/security/AST-2016-002.html
CVE-2016-2316
http://downloads.asterisk.org/pub/security/AST-2016-003.html
CVE-2016-2232
c2ea3b31-9d75-11e7-bb13-001999f8d30basterisk -- RTP/RTCP information leak

The Asterisk project reports:

This is a follow up advisory to AST-2017-005.

Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

The RTP stream qualification to learn the source address of media always accepted the first RTP packet as the new source and allowed what AST-2017-005 was mitigating. The intent was to qualify a series of packets before accepting the new source address.

The RTP/RTCP stack will now validate RTCP packets before processing them.


Discovery 2017-09-01
Entry 2017-09-19
asterisk11
< 11.25.3

asterisk13
< 13.17.2

https://downloads.asterisk.org/pub/security/AST-2017-008.html
CVE-2017-14099
c599f95c-8ee5-11e7-8be8-001999f8d30basterisk -- Unauthorized data disclosure and shell access command injection in app_minivm

The Asterisk project reports:

AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected the new code allowed a new source address to be learned at all times.

AST-2017-006 - The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.


Discovery 2017-08-31
Entry 2017-09-01
asterisk11
< 11.25.2

asterisk13
< 13.17.1

https://downloads.asterisk.org/pub/security/AST-2017-005.html
CVE-2017-14099
https://downloads.asterisk.org/pub/security/AST-2017-006.html
CVE-2017-14100
5fee3f02-de37-11e4-b7c3-001999f8d30basterisk -- TLS Certificate Common name NULL byte exploit

The Asterisk project reports:

When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to www.domain.com, Asterisk will accept certificates of the form www.domain.com\x00www.someotherdomain.com


Discovery 2015-04-04
Entry 2015-04-08
asterisk
< 1.8.32.3

asterisk11
< 11.17.1

asterisk13
< 13.3.2

http://downloads.asterisk.org/pub/security/AST-2015-003.html
CVE-2015-3008