what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

Files from Sandro Gauci

Email addresssandro at sipvicious.org
First Active2007-08-01
Last Active2024-10-22
DTLS ClientHello Race Conditions In WebRTC Implementations
Posted Oct 22, 2024
Authored by Sandro Gauci, Alfred Farrugia | Site enablesecurity.com

This white paper, titled "DTLS 'ClientHello' Race Conditions in WebRTC Implementations," details a security vulnerability affecting multiple WebRTC implementations. The research uncovers a security flaw where certain implementations fail to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions, potentially leading to denial of service attacks. The paper includes methodology, affected systems, and recommendations for mitigation.

tags | paper, denial of service
SHA-256 | eb9b90060957ab9a31665bc8c84c603533eeccd79e0c24bfa578d26e43901509
FreeSWITCH 1.10.10 Denial Of Service
Posted Dec 26, 2023
Authored by Sandro Gauci | Site enablesecurity.com

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

tags | exploit, denial of service, protocol
advisories | CVE-2023-51443
SHA-256 | 42111d854609afb4221ff75af6db4e27c366baa1bf5886242bf637a8ab822f76
RTPEngine mr11.5.1.6 Denial Of Service
Posted Dec 15, 2023
Authored by Sandro Gauci | Site enablesecurity.com

RTPEngine version mr11.5.1.6 suffers from a denial of service vulnerability via DTLS Hello packets during call initiation.

tags | exploit, denial of service
SHA-256 | 7938f478eab1d8bc840896b24b1e1e899b45b53e89a3e7429e87eaebcefdc333
Asterisk 20.1.0 Denial Of Service
Posted Dec 15, 2023
Authored by Sandro Gauci | Site enablesecurity.com

When handling DTLS-SRTP for media setup, Asterisk version 20.1.0 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

tags | exploit, denial of service, protocol
advisories | CVE-2023-49786
SHA-256 | 64a70704bf3c592f3c715409a2cca70dea12a637204ffa690f04e1d61f8e5387
FreeSWITCH 1.10.6 SRTP Packet Denial Of Service
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets.

tags | exploit, denial of service
advisories | CVE-2021-41105
SHA-256 | aaad28bb04ce46ebd565a967723a0e8afcd6f7dba90aee94656275d90698725d
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.5 and below fail to authenticate SIP SUBSCRIBE requests by default.

tags | exploit
advisories | CVE-2021-41157
SHA-256 | ded0b19e81a7730e97640eb6c3d7fda36f567e10ebdd5b999d5b1929484ee8a4
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities.

tags | exploit, spoof, vulnerability
advisories | CVE-2021-37624
SHA-256 | 68dea0d9742f3791b1526264955cdcec061eabf320255b7421f45362fb114013
FreeSWITCH 1.10.6 SIP Flooding Denial Of Service
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a SIP flooding denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2021-41145
SHA-256 | 7c18e335775c034ea43225652189228c8adc2e373dc48c484ae01d61e8dc74a9
FreeSWITCH 1.10.6 SIP Digest Leak
Posted Oct 25, 2021
Authored by Sandro Gauci | Site enablesecurity.com

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway.

tags | exploit
advisories | CVE-2021-41158
SHA-256 | f3e80023a973da7d0680ad72ce2905cfe9105bbb49758f1e37e5b0f8f8570020
VoIPmonitor 27.6 Buffer Overflow
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

A buffer overflow was identified in the VoIPmonitor live sniffer feature. The description variable in the function save_packet_sql is defined as a fixed length array of 1024 characters. The description is set to the value of a SIP request or response line. By setting a long request or response line VoIPmonitor will trigger a buffer overflow.

tags | exploit, overflow
SHA-256 | 145c87a11821afdce38f061bdde93705011a5071747335b1d316604f3d48c582
VoIPmonitor 27.5 Missing Memory Protections
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

Static binaries provided for VoIPmonitor version2 7.5 are built without any memory corruption protection in place.

tags | exploit
SHA-256 | 53af2b715bcd85faf66b4d8deafd9d7676f2c8e34de79dd80c738b81bc0fb6da
VoIPmonitor WEB GUI 24.55 Cross Site Scripting
Posted Mar 15, 2021
Authored by Sandro Gauci | Site enablesecurity.com

VoIPmonitor WEB GUI versions 24.53, 24.54, and 24.55 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 3a7579f2a72cb2ec95aaa068756e5ed9c00e5774a0e0b1f2a2a7abaee0f242bb
Coturn 4.5.1.x Access Control Bypass
Posted Jan 11, 2021
Authored by Sandro Gauci | Site enablesecurity.com

Coturn version 4.5.1.x suffers from a loopback access control bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-26262
SHA-256 | 229c4e41914e88114f7a7cb31815c02ae2d943c82d215356fe5d583cf79c579d
Asterisk 17.6.0 / 17.5.1 Denial Of Service
Posted Nov 6, 2020
Authored by Sandro Gauci | Site enablesecurity.com

Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.

tags | exploit, denial of service, tcp
SHA-256 | 16f54da5d3c7145bd5aa998e183688a666211433fed046580666ec3e14e0913e
Asterisk Project Security Advisory - AST-2020-001
Posted Nov 6, 2020
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread.

tags | advisory
SHA-256 | 0ffdabc3873921af089a27d73efac1246b61b827d0d4706a0053ec41b4494fd6
Kamailio 5.4.0 Header Smuggling
Posted Sep 1, 2020
Authored by Sandro Gauci | Site rtcsec.com

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.

tags | exploit, bypass
SHA-256 | 90b01227ec53c669668b75248613fb8d1d22b84fea63434c5f55b4a27dee1fe7
Kamailio 5.1.1 / 5.1.0 / 5.0.0 Heap Overflow
Posted Mar 20, 2018
Authored by Sandro Gauci, Alfred Farrugia

Kamailio versions 5.1.1, 5.1.0, and 5.0.0 suffer from an off-by-one heap overflow vulnerability.

tags | exploit, overflow
SHA-256 | b66a979516888fcd02663798f792032a195e6a13fb1ac62c080ec038c284f8d0
Asterisk 15.2.0 chan_pjsip INVITE Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from an INVITE message denial of service vulnerability. Versions affected include Versions affected include 15.2.0, 15.1.0, 15.0.0, 13.19.0, 13.11.2, and 14.7.5.

tags | exploit, denial of service
advisories | CVE-2018-7286
SHA-256 | f1253625e46f227de8752682b32d8862adf05b987de5b3ce80dd452d37d33ce3
Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0.

tags | exploit, denial of service
SHA-256 | dcd272d0bdc191e8821a8ff0875bcb1f860b59d55a4d240aea12f18340ff7f74
Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk version 15.2.0 running chan_pjsip suffers from an SDP message related denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | bb991ba13071f908ba4e3a364bc5fd50ffb86a758000294812e5c584d0d94d00
Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption
Posted Feb 26, 2018
Authored by Sandro Gauci, Alfred Farrugia

Asterisk running chan_pjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2.

tags | exploit
advisories | CVE-2018-7284
SHA-256 | 7ce6eb5d2b74840cec684d30e389db8a84881dd35088091f86c3e601f3984460
Asterisk Project Security Advisory - AST-2018-005
Posted Feb 23, 2018
Authored by Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.

tags | advisory, tcp
advisories | CVE-2018-7286
SHA-256 | a4a7459638ce3f3a2f66643377d5f17ef2db0d79f31570e23b023b87b15030c9
Asterisk Project Security Advisory - AST-2018-004
Posted Feb 23, 2018
Authored by Joshua Colp, Sandro Gauci | Site asterisk.org

Asterisk Project Security Advisory - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

tags | advisory
advisories | CVE-2018-7284
SHA-256 | 2ca83ced6bedaa74703ffe260735d9b6a5f8e6d560c01ef31601708735e0b831
Asterisk Project Security Advisory - AST-2018-003
Posted Feb 23, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
SHA-256 | 9b8ed54f40c2eeeb8b0438fcc1f181112a56783842de914688edfeee94da5652
Asterisk Project Security Advisory - AST-2018-002
Posted Feb 21, 2018
Authored by Sandro Gauci, Kevin Harwell | Site asterisk.org

Asterisk Project Security Advisory - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. The severity of this vulnerability is lessened since an endpoint must be authenticated prior to reaching the crash point, or it's configured with no authentication.

tags | advisory
SHA-256 | 891c0434dd5c6146ed9c01205891569b4cbbd6cb0ddddb9c96165c020a8fe6ab
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close