Showing 1 - 3 of 3

CVE-2015-3008

Status Candidate

Overview

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Related Files

Debian Security Advisory 3700-1: Posted Oct 26, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3700-1 - Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation.; tags | advisory, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2015-3008, CVE-2016-2232, CVE-2016-2316, CVE-2016-7551; SHA-256 | 9125c031bfa6573eba2f15a412d4b3e1902eae3695ad7cf7b0b301df9690d239; Download | Favorite | View

Mandriva Linux Security Advisory 2015-206: Posted Apr 27, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-206 - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.; tags | advisory; systems | linux, mandriva; advisories | CVE-2015-3008; SHA-256 | 0f49b40c5245b1a901652fda923ccb5d25207d1dc5ad349b0a1484d554d3794c; Download | Favorite | View

Asterisk Project Security Advisory - AST-2015-003: Posted Apr 9, 2015; Authored by Jonathan Rose | Site asterisk.org; Asterisk Project Security Advisory - When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected.; tags | advisory; advisories | CVE-2015-3008; SHA-256 | b08ef4b3d0f8ba0061a7cd3e5a8e37967a3286590dcc31a21c17c24ecb06371e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 252 files
Ubuntu 59 files
Debian 19 files
LiquidWorm 17 files
Apple 9 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files
Google Security Research 3 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2015-3008

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems