FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|dd698b76-42f7-11e1-a1b6-14dae9ebcf89||asterisk -- SRTP Video Remote Crash Vulnerability|
Asterisk project reports:
An attacker attempting to negotiate a secure video stream can
crash Asterisk if video support has not been enabled and the
res_srtp Asterisk module is loaded.
|0c39bafc-6771-11e3-868f-0025905a4771||asterisk -- multiple vulnerabilities|
The Asterisk project reports:
A 16 bit SMS message that contains an odd message length value will
cause the message decoding loop to run forever. The message buffer is
not on the stack but will be overflowed resulting in corrupted memory
and an immediate crash.
External control protocols, such as the Asterisk Manager Interface,
often have the ability to get and set channel variables; this allows
the execution of dialplan functions. Dialplan functions within
Asterisk are incredibly powerful, which is wonderful for building
applications using Asterisk. But during the read or write execution,
certain diaplan functions do much more. For example, reading the SHELL()
function can execute arbitrary commands on the system Asterisk is
running on. Writing to the FILE() function can change any file that
Asterisk has write access to. When these functions are executed from an
external protocol, that execution could result in a privilege escalation.