Vigil@nce - Asterisk: multiple vulnerabilities
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Asterisk.
Impacted products: Asterisk Open Source
Severity: 2/4
Creation date: 29/01/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Asterisk.
An attacker can create a file descriptor leak in PJSIP, in order
to trigger a denial of service. [severity:2/4; AST-2015-001,
CVE-2015-1558]
An attacker can use line feeds to inject HTTP headers in
func_curl.so and res_config_curl.so (VIGILANCE-VUL-15930).
[severity:2/4; AST-2015-002, CVE-2014-8150]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Asterisk-multiple-vulnerabilities-16075