FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fd2bf3b5-1001-11e3-ba94-0025905a4771asterisk -- multiple vulnerabilities

The Asterisk project reports:

Remote Crash From Late Arriving SIP ACK With SDP

Remote Crash when Invalid SDP is sent in SIP Request


Discovery 2013-08-27
Entry 2013-08-28
Modified 2013-08-29
asterisk11
gt 11.* lt 11.5.1

asterisk10
gt 10.* lt 10.12.3

asterisk18
gt 1.8.* lt 1.8.21.1

CVE-2013-5641
CVE-2013-5642
http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://downloads.asterisk.org/pub/security/AST-2013-005.html
https://www.asterisk.org/security
03159886-a8a3-11e3-8f36-0025905a4771asterisk -- multiple vulnerabilities

The Asterisk project reports:

Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.

Remote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the "qualify_frequency" configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.


Discovery 2014-03-10
Entry 2014-03-10
asterisk11
lt 11.8.1

asterisk18
lt 1.8.26.1

CVE-2014-2286
CVE-2014-2287
CVE-2014-2288
http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
https://www.asterisk.org/security
0c39bafc-6771-11e3-868f-0025905a4771asterisk -- multiple vulnerabilities

The Asterisk project reports:

A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash.

External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain diaplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.


Discovery 2013-12-16
Entry 2013-12-17
asterisk10
lt 10.12.4

asterisk11
lt 11.6.1

asterisk18
lt 1.8.24.1

CVE-2013-7100
http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
https://www.asterisk.org/security
daf0a339-9850-11e2-879e-d43d7e0c7c02asterisk -- multiple vulnerabilities

Asterisk project reports:

Buffer Overflow Exploit Through SIP SDP Header

Username disclosure in SIP channel driver

Denial of Service in HTTP server


Discovery 2013-03-27
Entry 2013-03-29
asterisk11
gt 11.* lt 11.2.2

asterisk10
gt 10.* lt 10.12.2

asterisk18
gt 1.8.* lt 1.8.20.2

CVE-2013-2685
CVE-2013-2686
CVE-2013-2264
http://downloads.asterisk.org/pub/security/AST-2013-001.html
http://downloads.asterisk.org/pub/security/AST-2013-002.html
http://downloads.asterisk.org/pub/security/AST-2013-003.html
https://www.asterisk.org/security