Debian Asterisk vulnerabilities

CVE-2011-4597 [MEDIUM] CVE-2011-4597: asterisk - The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6... The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. Scope: local bullseye: resolved (fixed in 1:1.8.8.0~dfsg-

CVE-2011-2536 [MEDIUM] CVE-2011-2536: asterisk - chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41... chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to e

CVE-2011-2666 [MEDIUM] CVE-2011-2666: asterisk - The default configuration of the SIP channel driver in Asterisk Open Source 1.4.... The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerab

CVE-2011-2535 [MEDIUM] CVE-2011-2535: asterisk - chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.... chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impac

CVE-2011-1147 [MEDIUM] CVE-2011-1147: asterisk - Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type... Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enab

CVE-2011-4063 [MEDIUM] CVE-2011-4063: asterisk - chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.... chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. Scope: local bullseye: resolved (fixed in 1:1.8.7.1~dfsg-1) sid: resolved (fixed in 1:

CVE-2011-2529 [MEDIUM] CVE-2011-2529: asterisk - chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.... chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. Scope: local bullseye: resolved (fixed in 1:1.8.4.3-1) si

CVE-2011-0495 [MEDIUM] CVE-2011-0495: asterisk - Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in As... Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP cha

CVE-2011-3389 [MEDIUM] CVE-2011-3389: asterisk - The SSL protocol, as used in certain configurations in Microsoft Windows and Mic... The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS s

CVE-2011-1175 [MEDIUM] CVE-2011-1175: asterisk - tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, ... tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API. Scope: local bullseye: resolved (fixed in 1:1.8.3.3-1) sid

CVE-2010-0685 [MEDIUM] CVE-2010-0685: asterisk - The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, a... The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated us

CVE-2010-0441 [MEDIUM] CVE-2010-0441: asterisk - Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2... Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large

CVE-2010-1224 [MEDIUM] CVE-2010-1224: asterisk - main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1... main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unautho

CVE-2009-2726 [HIGH] CVE-2009-2726: asterisk - The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before... The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which a

CVE-2009-2346 [HIGH] CVE-2009-2346: asterisk - The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.... The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many

CVE-2009-4055 [MEDIUM] CVE-2009-4055: asterisk - rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.... rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long dat

CVE-2009-3727 [MEDIUM] CVE-2009-3727: asterisk - Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before ... Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote at

CVE-2009-3723 [HIGH] CVE-2009-3723: asterisk - asterisk allows calls on prohibited networks asterisk allows calls on prohibited networks Scope: local bullseye: resolved (fixed in 1:1.6.2.0~rc3-2) sid: resolved (fixed in 1:1.6.2.0~rc3-2)

CVE-2009-0041 [MEDIUM] CVE-2009-0041: asterisk - IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1... IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumer

CVE-2009-2651 [MEDIUM] CVE-2009-2651: asterisk - main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers ... main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer. Scope: local bullseye: resolved (fixed in 1:1.6.2.0~dfsg~rc1-1) sid: resolved (fixed in 1:1.6.2.0~dfsg~