Secunia Logo  
 Vulnerability InformationVulnerability ScanningCommunityBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Information > Secunia Advisories > Advisories by Product > Asterisk 1.x
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About


Secunia PSI WorldMap 		 
Vulnerability Report: Asterisk 1.x
This vulnerability report for Asterisk 1.x contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.

If you have information about a new or an existing vulnerability in Asterisk 1.x then you are more than welcome to contact us.


Table of Contents

1. Product Summary Only

2. Secunia Advisory Statistics (All time)
2.1. Statistics for 2009
2.2. Statistics for 2008
2.3. Statistics for 2007
2.4. Statistics for 2006
2.5. Statistics for 2005
2.6. Statistics for 2004
2.7. Statistics for 2003

3. List of Secunia Advisories (All time)
3.1. List for 2009
3.2. List for 2008
3.3. List for 2007
3.4. List for 2006
3.5. List for 2005
3.6. List for 2004
3.7. List for 2003

4. Send Feedback
 
Vendor, Links, and Unpatched Vulnerabilities

Vendor N/A

Product Link View Here (Link to external site)

Affected By 39 Secunia advisories
57 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 0% (0 of 39 Secunia advisories)

Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..




39 Secunia Advisories in 2003-2009
Secunia has issued a total of 39 Secunia advisories in 2003-2009 for Asterisk 1.x. Currently, 0% (0 out of 39) are marked as unpatched.

More information about the specific Secunia advisories affecting Asterisk 1.x can be found below. Each Secunia advisory is enclosed by a box highlighted with a color representing its current patch status. You can read the complete Secunia advisories for thorough descriptions of the issues covered and for solution suggestions by clicking either the Secunia advisory title or the "Read More" links available for each Secunia advisory.



Asterisk SIP REGISTER Response User Enumeration Weakness
Vendor Patch. Secunia Advisory 1 of 8 in 2009. 450 views.
Release Date:
2009-11-05		 Secunia Advisory ID:
SA37265		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Exposure of system information
 Where:
From remote
Short Description:
A weakness has been reported in Asterisk, which can be exploited by malicious people to determine valid usernames. [Read More]

Asterisk SIP INVITE ACL Security Bypass
Vendor Patch. Secunia Advisory 2 of 8 in 2009. 421 views.
Release Date:
2009-10-27		 Secunia Advisory ID:
SA37056		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Security Bypass
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions. [Read More]

Asterisk IAX2 Call Number Exhaustion Denial of Service
Vendor Patch. Secunia Advisory 3 of 8 in 2009. 760 views.
Release Date:
2009-09-04		 Secunia Advisory ID:
SA36593		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From local network
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk SIP Channel Driver Denial of Service
Vendor Patch. Secunia Advisory 4 of 8 in 2009. 680 views.
Release Date:
2009-08-11		 Secunia Advisory ID:
SA36227		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk RTP Text Frames Denial of Service Vulnerability
Vendor Patch. Secunia Advisory 5 of 8 in 2009. 1,167 views.
Release Date:
2009-07-28		 Secunia Advisory ID:
SA36039		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk SIP Response User Enumeration Weakness
Vendor Patch. Secunia Advisory 6 of 8 in 2009. 964 views.
Release Date:
2009-04-03		 Secunia Advisory ID:
SA34564		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Exposure of system information
 Where:
From remote
Short Description:
A weakness has been reported in Asterisk, which can be exploited by malicious people to determine valid user names. [Read More]

Asterisk "pedantic" SIP Processing Denial of Service
Vendor Patch. Secunia Advisory 7 of 8 in 2009. 895 views.
Release Date:
2009-03-11		 Secunia Advisory ID:
SA34229		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk User Account Enumeration Weakness
Vendor Patch. Secunia Advisory 8 of 8 in 2009. 2,733 views.
Release Date:
2009-01-09		 Secunia Advisory ID:
SA33453		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Exposure of system information
 Where:
From local network
Short Description:
A weakness has been reported in Asterisk, which can be exploited by malicious people to identify valid user accounts. [Read More]

Asterisk IAX2 User Authentication Denial of Service
Vendor Patch. Secunia Advisory 1 of 7 in 2008. 1,662 views.
Release Date:
2008-12-11		 Secunia Advisory ID:
SA32956		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From local network
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk Two Denial of Service Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 7 in 2008. 3,746 views.
Release Date:
2008-07-23		 Secunia Advisory ID:
SA31178		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From local network
Short Description:
Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct DoS attacks. [Read More]

Asterisk "pedantic" SIP Processing Denial of Service
Vendor Patch. Secunia Advisory 3 of 7 in 2008. 3,843 views.
Release Date:
2008-06-04		 Secunia Advisory ID:
SA30517		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk IAX2 Handshake Denial of Service
Vendor Patch. Secunia Advisory 4 of 7 in 2008. 6,048 views.
Release Date:
2008-04-23		 Secunia Advisory ID:
SA29927		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From local network
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk Predictable HTTP Manager ID Weakness
Vendor Workaround. Secunia Advisory 5 of 7 in 2008. 5,805 views.
Release Date:
2008-03-19		 Secunia Advisory ID:
SA29449		 Solution Status:
Vendor Workaround
Criticality:
 Impact:
Hijacking
 Where:
From local network
Short Description:
Dino A. Dai Zovi has reported a weakness in Asterisk, which can be exploited by malicious people to hijack a user session. [Read More]

Asterisk Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 6 of 7 in 2008. 6,244 views.
Release Date:
2008-03-19		 Secunia Advisory ID:
SA29426		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Security Bypass
DoS
System access
 Where:
From remote
Short Description:
Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. [Read More]

Asterisk "BYE/Also" Denial of Service Vulnerability
Vendor Patch. Secunia Advisory 7 of 7 in 2008. 6,913 views.
Release Date:
2008-01-03		 Secunia Advisory ID:
SA28312		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk Registration Database Security Bypass
Vendor Patch. Secunia Advisory 1 of 15 in 2007. 7,333 views.
Release Date:
2007-12-19		 Secunia Advisory ID:
SA28149		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Security Bypass
 Where:
From remote
Short Description:
A security issue has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions. [Read More]

Asterisk Call Detail Record Postgres SQL Injection
Vendor Patch. Secunia Advisory 2 of 15 in 2007. 10,534 views.
Release Date:
2007-11-30		 Secunia Advisory ID:
SA27827		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Manipulation of data
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk and Asterisk Business Edition, which can be exploited by malicious users to conduct SQL injection attacks. [Read More]

Asterisk Postgres Realtime Engine SQL Injection
Vendor Patch. Secunia Advisory 3 of 15 in 2007. 8,999 views.
Release Date:
2007-11-30		 Secunia Advisory ID:
SA27873		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Manipulation of data
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to conduct SQL injection attacks. [Read More]

Asterisk IMAP Storage Voicemail Buffer Overflow
Vendor Patch. Secunia Advisory 4 of 15 in 2007. 6,912 views.
Release Date:
2007-10-11		 Secunia Advisory ID:
SA27184		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
System access
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. [Read More]

Asterisk Voicemail IMAP Backend Invalid MIME Denial of Service
Vendor Workaround. Secunia Advisory 5 of 15 in 2007. 7,912 views.
Release Date:
2007-08-27		 Secunia Advisory ID:
SA26601		 Solution Status:
Vendor Workaround
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk SIP Channel Driver Dialog History Memory Exhaustion
Vendor Patch. Secunia Advisory 6 of 15 in 2007. 9,056 views.
Release Date:
2007-08-22		 Secunia Advisory ID:
SA26553		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk Skinny Channel Driver Denial of Service
Vendor Patch. Secunia Advisory 7 of 15 in 2007. 8,350 views.
Release Date:
2007-08-08		 Secunia Advisory ID:
SA26340		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service). [Read More]

Asterisk IAX2 Channel Driver Denial of Service
Vendor Patch. Secunia Advisory 8 of 15 in 2007. 8,821 views.
Release Date:
2007-07-30		 Secunia Advisory ID:
SA26274		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From local network
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 9 of 15 in 2007. 9,216 views.
Release Date:
2007-07-18		 Secunia Advisory ID:
SA26099		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
System access
 Where:
From remote
Short Description:
Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. [Read More]

Asterisk IAX2 Channel Driver Information Disclosure
Vendor Workaround. Secunia Advisory 10 of 15 in 2007. 7,349 views.
Release Date:
2007-05-07		 Secunia Advisory ID:
SA25134		 Solution Status:
Vendor Workaround
Criticality:
 Impact:
Exposure of sensitive information
 Where:
From local network
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious users to disclose potential sensitive information. [Read More]

Asterisk T.38 SDP Buffer Overflows and Management Interface Denial of Service
Vendor Patch. Secunia Advisory 11 of 15 in 2007. 11,892 views.
Release Date:
2007-04-25		 Secunia Advisory ID:
SA24977		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
System access
 Where:
From remote
Short Description:
Some vulnerabilities have been reported in Asterisk, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. [Read More]

Asterisk AEL Extensions Security Bypass
Vendor Workaround. Secunia Advisory 12 of 15 in 2007. 6,011 views.
Release Date:
2007-04-03		 Secunia Advisory ID:
SA24694		 Solution Status:
Vendor Workaround
Criticality:
 Impact:
Security Bypass
 Where:
From remote
Short Description:
A security issue has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions. [Read More]

Asterisk SIP Response Code Denial of Service
Vendor Patch. Secunia Advisory 13 of 15 in 2007. 14,426 views.
Release Date:
2007-03-22		 Secunia Advisory ID:
SA24579		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
qwerty1979 has reported some vulnerabilities in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk SIP INVITE Denial of Service Vulnerability
Vendor Patch. Secunia Advisory 14 of 15 in 2007. 9,446 views.
Release Date:
2007-03-21		 Secunia Advisory ID:
SA24564		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk SIP Message Handling Denial of Service
Vendor Patch. Secunia Advisory 15 of 15 in 2007. 11,029 views.
Release Date:
2007-03-07		 Secunia Advisory ID:
SA24380		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From remote
Short Description:
MU Security Research Team has reported a vulnerability in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk SCCP Integer Overflow and SIP Denial of Service Vulnerabilities
Vendor Patch. Secunia Advisory 1 of 5 in 2006. 10,922 views.
Release Date:
2006-10-20		 Secunia Advisory ID:
SA22480		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
System access
 Where:
From remote
Short Description:
Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. [Read More]

Asterisk MGCP AUEP Response Handling Buffer Overflow
Vendor Patch. Secunia Advisory 2 of 5 in 2006. 9,984 views.
Release Date:
2006-08-24		 Secunia Advisory ID:
SA21600		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
System access
 Where:
From local network
Short Description:
Mu Security has reported a vulnerability in Asterisk, which potentially can be exploited by malicious people to compromise a vulnerable system. [Read More]

Asterisk IAX2 Call Request Flooding Denial of Service
Vendor Patch. Secunia Advisory 3 of 5 in 2006. 8,796 views.
Release Date:
2006-07-17		 Secunia Advisory ID:
SA21071		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
 Where:
From local network
Short Description:
ISS X-Force has reported a vulnerability in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). [Read More]

Asterisk IAX2 Channel Driver Code Execution Vulnerability
Vendor Patch. Secunia Advisory 4 of 5 in 2006. 8,449 views.
Release Date:
2006-06-07		 Secunia Advisory ID:
SA20497		 Solution Status:
Vendor Patch
Criticality:
 Impact:
System access
 Where:
From local network
Short Description:
Core Security Technologies has reported a vulnerability in Asterisk, which can be exploited by malicious people to compromise a vulnerable system. [Read More]

Asterisk JPEG Image Handling Buffer Overflow Vulnerability
Vendor Patch. Secunia Advisory 5 of 5 in 2006. 8,742 views.
Release Date:
2006-04-24		 Secunia Advisory ID:
SA19800		 Solution Status:
Vendor Patch
Criticality:
 Impact:
DoS
System access
 Where:
From local network
Short Description:
Emmanouel Kellinis has reported a vulnerability in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. [Read More]

Asterisk "folder" Disclosure of Sound Files
Vendor Patch. Secunia Advisory 1 of 2 in 2005. 7,559 views.
Release Date:
2005-11-08		 Secunia Advisory ID:
SA17459		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Exposure of sensitive information
 Where:
From remote
Short Description:
Assurance.com.au has reported a vulnerability in Asterisk, which can be exploited by malicious users to disclose sensitive information. [Read More]

Asterisk Manager Interface Command Processing Vulnerability
Vendor Patch. Secunia Advisory 2 of 2 in 2005. 7,469 views.
Release Date:
2005-06-23		 Secunia Advisory ID:
SA15791		 Solution Status:
Vendor Patch
Criticality:
 Impact:
System access
 Where:
From local network
Short Description:
Wade Alcorn has reported a vulnerability in Asterisk, which can be exploited by malicious users to compromise a vulnerable system. [Read More]

Asterisk CallerID SQL Injection Vulnerability
Vendor Patch. Secunia Advisory 1 of 2 in 2003. 7,563 views.
Release Date:
2003-09-13		 Secunia Advisory ID:
SA9718		 Solution Status:
Vendor Patch
Criticality:
 Impact:
Manipulation of data
Exposure of sensitive information
 Where:
From remote
Short Description:
A vulnerability has been identified in Asterisk, which can be exploited by malicious people to perform arbitrary database operations on a vulnerable system. [Read More]

Asterisk SIP Request Buffer Overflow Vulnerability
Vendor Patch. Secunia Advisory 2 of 2 in 2003. 7,766 views.
Release Date:
2003-09-05		 Secunia Advisory ID:
SA9674		 Solution Status:
Vendor Patch
Criticality:
 Impact:
System access
 Where:
From remote
Short Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to compromise a vulnerable system. [Read More]






Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs (open positions) | About Secunia
Copyright Secunia 2002-2009