Tag: Security Advisory

Asterisk PJSIP: stack corruption via large Accept header in SUBSCRIBE

Description

A large SUBSCRIBE message with multiple malformed Accept headers will crash Asterisk due to stack corruption.

Impact

Abuse of this vulnerability leads to denial of service in Asterisk when chan_pjsip is in use. Brief analysis indicates that this is an exploitable vulnerability that may lead to remote code execution.


Asterisk PJSIP: crash via repeated INVITE messages over TCP/TLS

Description

A crash occurs when a number of INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.


Asterisk PJSIP: crash via invalid SDP media format description

Description

A specially crafted SDP message body with an invalid media format description causes a segmentation fault in Asterisk using chan_pjsip.

Impact

Abuse of this vulnerability leads to denial of service in Asterisk when chan_pjsip is in use.


Asterisk: RTP Bleed vulnerability

Published on Sep 1, 2017

Description

When Asterisk is configured with the nat=yes and strictrtp=yes (on by default) options, it is vulnerable to an attack which we call RTP Bleed. Further information about the attack can be found at https://rtpbleed.com.


Asterisk Skinny: memory exhaustion denial of service

Published on May 23, 2017

Description

Sending one malformed Skinny message to port 2000 will exhaust Asterisk’s memory resulting in a crash.

Impact

Abuse of this issue allows attackers to crash Asterisk when Skinny is exposed to attackers.

How to reproduce the issue

Start Asterisk and make sure the chan_skinny module is loaded. Then execute:


Asterisk PJSIP: out-of-bound memory access in multipart parser

Published on May 23, 2017

Description

A specially crafted SIP message with a malformed multipart body was found to cause a segmentation fault.

Impact

Abuse of this vulnerability leads to denial of service (DoS), and potentially remote code execution (RCE), in Asterisk when chan_pjsip is in use. This vulnerability is likely to affect other code that makes use of PJSIP.


Asterisk PJSIP: heap overflow in CSeq header parsing

Description

A specially crafted SIP message with a long CSeq value will cause a heap overflow in PJSIP.

Impact

Abuse of this vulnerability leads to denial of service in Asterisk when chan_pjsip is in use. This vulnerability is likely to be abused for remote code execution and may affect other code that makes use of PJSIP.


Liferay: XML External Entity vulnerability in OpenID component

Published on Jan 1, 2016

Description

Liferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks.

Impact

Abuse of the XXE vulnerability can (at least) lead to local file disclosure, server-side request forgery (SSRF) and denial of service. This vulnerability was abused to read local files on the web server that the web application had access to.


Juniper VPN SSL: client-side cross-site scripting

Description

The Juniper VPN SSL system was found to be vulnerable to a client-side cross-site scripting vulnerability.

Impact

Exploitation of this vulnerability may allow hijack of VPN SSL sessions. This usually involves a social engineering attack in order to convince a logged in victim to click on an attacker-supplied URL. Therefore such an attack would typically be the result of a targeted attack rather than an opportunistic one.


Applicure dotDefender: stored cross-site scripting in admin interface

Published on Jun 1, 2010

An advisory by EnableSecurity.

Description

Applicure dotDefender is a Web Application Firewall that can be installed on Windows and Linux servers.

From their website (applicure.com):

“dotDefender is the market-leading software Web Application Firewall (WAF). dotDefender boasts enterprise-class security, advanced integration capabilities, easy maintenance and low total cost of ownership (TCO). dotDefender is the perfect choice for protecting your website and web applications today.”
