Vigil@nce - Asterisk: multiple vulnerabilities
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Asterisk.
Impacted products: Asterisk Open Source
Severity: 2/4
Creation date: 13/06/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Asterisk.
An attacker can unsubscribe via the PJSIP Channel, in order to
trigger a denial of service. [severity:2/4; AST-2014-005,
CVE-2014-4045]
An attacker can execute shell commands via the Asterisk Manager,
in order to escalate his privileges. [severity:2/4; AST-2014-006,
CVE-2014-4046]
An attacker can use several HTTP sessions, in order to trigger a
denial of service. [severity:2/4; AST-2014-007, CVE-2014-4047]
An authenticated attacker can wait for a timeout in PJSIP, in
order to trigger a denial of service. [severity:2/4; AST-2014-008,
CVE-2014-4048]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Asterisk-multiple-vulnerabilities-14901