Lucene search
Gentoo FoundationGLSA-201206-05HistoryJun 21, 2012 - 12:00 a.m.
Asterisk: Multiple vulnerabilities
2012-06-2100:00:00
Gentoo Foundation
security.gentoo.org
19
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.961
Percentile
99.5%
Background
Asterisk is an open source telephony engine and toolkit.
Description
Multiple vulnerabilities have been found in Asterisk:
- An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status (CVE-2012-2414).
- An error in chan_skinny.c could cause a heap-based buffer overflow (CVE-2012-2415).
- An error in chan_sip.c prevents Asterisk from checking if a channel exists before connected line updates (CVE-2012-2416).
- An error in chan_iax2.c may cause an invalid pointer to be called (CVE-2012-2947).
- chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).
Impact
A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.12.1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-misc/asterisk | < 1.8.12.1 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 201206-05 (Asterisk)
2012-08-10 00:00:00
Gentoo Security Advisory GLSA 201206-05 (Asterisk)
2012-08-10 00:00:00
FreeBSD Ports: asterisk16
2012-04-30 00:00:00
nessus
nessus
GLSA-201206-05 : Asterisk: Multiple vulnerabilities
2012-06-21 00:00:00
Fedora 15 : asterisk-1.8.11.1-1.fc15 (2012-6724)
2012-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.11.1-1.fc15
2012-05-04 20:29:45
[SECURITY] Fedora 17 Update: asterisk-10.3.1-1.fc17
2012-05-04 22:52:14
[SECURITY] Fedora 16 Update: asterisk-1.8.11.1-1.fc16
2012-05-03 22:53:54
freebsd
freebsd
asterisk -- multiple vulnerabilities
2012-04-23 00:00:00
asterisk -- multiple vulnerabilities
2012-05-29 00:00:00
securityvulns
securityvulns
Asterisk security vulnerabilities
2012-05-31 00:00:00
AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
2012-05-31 00:00:00
AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
2012-05-31 00:00:00
debian
debian
[SECURITY] [DSA 2493-1] asterisk security update
2012-06-12 19:38:06
[SECURITY] [DSA 2460-1] asterisk security update
2012-04-25 16:06:40
osv
osv
asterisk - denial of service
2012-06-12 00:00:00
asterisk - several
2012-04-25 00:00:00
cve
cve
nvd
nvd
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2012-06-02 15:55:00
Heap overflow
2012-04-30 20:55:00
Null pointer dereference
2012-06-02 15:55:00
debiancve
debiancve
cvelist
cvelist
checkpoint_advisories
checkpoint_advisories
Digium Asterisk Skinny Channel NULL-Pointer Dereference (CVE-2012-2948)
2012-08-27 00:00:00
Digium Asterisk Skinny Channel Driver Heap Buffer Overflow (CVE-2012-2415)
2012-08-27 00:00:00
Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)
2014-12-28 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.961
Percentile
99.5%
Related for GLSA-201206-05