Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes show up immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid the vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that does not mean this particular platform or program is safe to use!

Chosen message with ID ae-201205-073

System: Linux, Unix, OSX
Topic: Vulnerability in Certified Asterisk
Links: AST-2012-007, AST-2012-008, CVE-2012-2948, CVE-2012-2947, ESB-2012.0503
ID: ae-201205-073

A remotely exploitable crash vulnerability exists in the IAX2 channel driver of Asterisk. To exploit this vulnerability the following conditions must be met:

1. The setting mohinterpret=passthrough must be set on the end placing the call on hold.
2. A call must be established.
3. The call is placed on hold without a suggested music-on-hold class name.

When these conditions are true, Asterisk will attempt to use an invalid pointer to a music-on-hold class name. Use of the invalid pointer will either cause a crash or the music-on-hold class name will be garbage. Updated packages are now available.
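A check for the first condition above, as an added example that is not part of the original message or of Asterisk itself: it scans Asterisk-style configuration text (for instance the contents of iax.conf) and lists the sections whose effective mohinterpret is passthrough. It assumes a value in [general] applies to sections that do not override it, and it does not resolve templates or #include files; the sample configuration is constructed.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]")
SETTING = re.compile(r"^([A-Za-z0-9_]+)\s*=>?\s*(.*)$")  # accepts '=' and '=>'

def parse_sections(text):
    """Return {section: {key: value}} for Asterisk-style config text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), {})
            continue
        m = SETTING.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).strip()
    return sections

def passthrough_sections(text):
    """Sections whose effective mohinterpret is 'passthrough'."""
    sections = parse_sections(text)
    # Assumption: [general] supplies the default for sections that omit the key.
    default = sections.get("general", {}).get("mohinterpret", "")
    return [name for name, opts in sections.items()
            if opts.get("mohinterpret", default).lower() == "passthrough"]

# Constructed sample, not taken from a real system.
SAMPLE = """
[general]
bindport=4569
mohinterpret=default      ; global default
[trunk-a]
type=friend
mohinterpret = passthrough
[trunk-b]
type=friend
;mohinterpret=passthrough  (commented out, ignored)
[trunk-c]
type=peer
MohInterpret => Passthrough
"""

if __name__ == "__main__":
    for name in passthrough_sections(SAMPLE):
        print(f"[{name}] mohinterpret=passthrough: condition 1 is met")
```

Sections it reports are the ones to prioritise for the updated packages.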



(c) 2000-2014 AERAsec Network Services and Security GmbH