Mandriva Linux Security Advisory 2014-138 - Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service inactive or incomplete HTTP connections. The updated packages has been upgraded to the 11.11.0 version which is not vulnerable to these issues.
d0b6e36b5ffeb369a37f9f40b9aca3279792173c43c84fd7774bdaa4ea81c34bGentoo Linux Security Advisory 201406-25 - Multiple vulnerabilities have been discovered in Asterisk, the worst of which could allow privileged users to execute arbitrary system shell commands. Versions less than 11.10.2 are affected.
2f76e2b58cb0cbdbb77bba0f6a0aae5851cfc9aaac21444656a427bd4a831a5bAsterisk Project Security Advisory - Establishing a TCP or TLS connection to the configured HTTP or HTTPS port respectively in http.conf and then not sending or completing a HTTP request will tie up a HTTP session. By doing this repeatedly until the maximum number of open HTTP sessions is reached, legitimate requests are blocked.
e6779aabe2219ce71ab967736150fa4798031e2d5a8f66d132a104297bd2b824
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed