ID CVE-2012-3812
Summary Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
References
Vulnerable Configurations
  • Digium Asterisk 1.8.0 Release Candidate 5
    cpe:2.3:a:digium:asterisk:1.8.0:rc5
  • Digium Asterisk 1.8.0 Release Candidate 4
    cpe:2.3:a:digium:asterisk:1.8.0:rc4
  • Digium Asterisk 1.8.0 Release Candidate 3
    cpe:2.3:a:digium:asterisk:1.8.0:rc3
  • Digium Asterisk 1.8.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:1.8.0:rc2
  • Digium Asterisk 1.8.0 Beta 5
    cpe:2.3:a:digium:asterisk:1.8.0:beta5
  • Digium Asterisk 1.8.0 Beta 4
    cpe:2.3:a:digium:asterisk:1.8.0:beta4
  • Digium Asterisk 1.8.0 Beta 3
    cpe:2.3:a:digium:asterisk:1.8.0:beta3
  • Digium Asterisk 1.8.0 Beta 2
    cpe:2.3:a:digium:asterisk:1.8.0:beta2
  • Digium Asterisk 1.8.0 Beta 1
    cpe:2.3:a:digium:asterisk:1.8.0:beta1
  • Digium Asterisk 1.8.0
    cpe:2.3:a:digium:asterisk:1.8.0
  • Digium Asterisk 1.8.1.2
    cpe:2.3:a:digium:asterisk:1.8.1.2
  • Digium Asterisk 1.8.1.1
    cpe:2.3:a:digium:asterisk:1.8.1.1
  • Digium Asterisk 1.8.1 Release Candidate 1
    cpe:2.3:a:digium:asterisk:1.8.1:rc1
  • Digium Asterisk 1.8.1
    cpe:2.3:a:digium:asterisk:1.8.1
  • Digium Asterisk 1.8.2.3
    cpe:2.3:a:digium:asterisk:1.8.2.3
  • Digium Asterisk 1.8.2.2
    cpe:2.3:a:digium:asterisk:1.8.2.2
  • Digium Asterisk 1.8.2.1
    cpe:2.3:a:digium:asterisk:1.8.2.1
  • Digium Asterisk 1.8.2
    cpe:2.3:a:digium:asterisk:1.8.2
  • Digium Asterisk 1.8.2.4
    cpe:2.3:a:digium:asterisk:1.8.2.4
  • Digium Asterisk 1.8.3.3
    cpe:2.3:a:digium:asterisk:1.8.3.3
  • Digium Asterisk 1.8.3
    cpe:2.3:a:digium:asterisk:1.8.3
  • Digium Asterisk 1.8.3 Release Candidate 3
    cpe:2.3:a:digium:asterisk:1.8.3:rc3
  • Digium Asterisk 1.8.3.1
    cpe:2.3:a:digium:asterisk:1.8.3.1
  • Digium Asterisk 1.8.3 Release Candidate 1
    cpe:2.3:a:digium:asterisk:1.8.3:rc1
  • Digium Asterisk 1.8.3 Release Candidate 2
    cpe:2.3:a:digium:asterisk:1.8.3:rc2
  • Digium Asterisk 1.8.3.2
    cpe:2.3:a:digium:asterisk:1.8.3.2
  • Digium Asterisk 1.8.4 Release Candidate 3
    cpe:2.3:a:digium:asterisk:1.8.4:rc3
  • Digium Asterisk 1.8.4 Release Candidate 2
    cpe:2.3:a:digium:asterisk:1.8.4:rc2
  • Digium Asterisk 1.8.4 Release Candidate 1
    cpe:2.3:a:digium:asterisk:1.8.4:rc1
  • Digium Asterisk 1.8.4
    cpe:2.3:a:digium:asterisk:1.8.4
  • Digium Asterisk 1.8.4.1
    cpe:2.3:a:digium:asterisk:1.8.4.1
  • Digium Asterisk 1.8.4.3
    cpe:2.3:a:digium:asterisk:1.8.4.3
  • Digium Asterisk 1.8.4.2
    cpe:2.3:a:digium:asterisk:1.8.4.2
  • Digium Asterisk 1.8.4.4
    cpe:2.3:a:digium:asterisk:1.8.4.4
  • Digium Asterisk 1.8.5
    cpe:2.3:a:digium:asterisk:1.8.5
  • Digium Asterisk 1.8.5.0
    cpe:2.3:a:digium:asterisk:1.8.5.0
  • Digium Asterisk 1.8.5 release candidate 1
    cpe:2.3:a:digium:asterisk:1.8.5:rc1
  • Digium Asterisk 1.8.6.0 release candidate 1
    cpe:2.3:a:digium:asterisk:1.8.6.0:rc1
  • Digium Asterisk 1.8.6.0
    cpe:2.3:a:digium:asterisk:1.8.6.0
  • Digium Asterisk 1.8.6.0 release candidate 3
    cpe:2.3:a:digium:asterisk:1.8.6.0:rc3
  • Digium Asterisk 1.8.6.0 release candidate 2
    cpe:2.3:a:digium:asterisk:1.8.6.0:rc2
  • Digium Asterisk 1.8.7.0 release candidate 1
    cpe:2.3:a:digium:asterisk:1.8.7.0:rc1
  • Digium Asterisk 1.8.7.0
    cpe:2.3:a:digium:asterisk:1.8.7.0
  • Digium Asterisk 1.8.7.0 release candidate 2
    cpe:2.3:a:digium:asterisk:1.8.7.0:rc2
  • Digium Asterisk 1.8.7.1
    cpe:2.3:a:digium:asterisk:1.8.7.1
  • Digium Asterisk 1.8.8.0 release candidate 2
    cpe:2.3:a:digium:asterisk:1.8.8.0:rc2
  • Digium Asterisk 1.8.8.0 release candidate 1
    cpe:2.3:a:digium:asterisk:1.8.8.0:rc1
  • Digium Asterisk 1.8.8.0
    cpe:2.3:a:digium:asterisk:1.8.8.0
  • Digium Asterisk 1.8.8.0 release candidate 3
    cpe:2.3:a:digium:asterisk:1.8.8.0:rc3
  • cpe:2.3:a:digium:asteriske:1.8.8.0:rc4
    cpe:2.3:a:digium:asteriske:1.8.8.0:rc4
  • Digium Asterisk 1.8.8.0 release candidate 5
    cpe:2.3:a:digium:asterisk:1.8.8.0:rc5
  • Digium Asterisk 1.8.8.1
    cpe:2.3:a:digium:asterisk:1.8.8.1
  • Digium Asterisk 1.8.8.2
    cpe:2.3:a:digium:asterisk:1.8.8.2
  • Digium Asterisk 1.8.9.0 Release Candidate 3
    cpe:2.3:a:digium:asterisk:1.8.9.0:rc3
  • cpe:2.3:a:digium:asteriske:1.8.9.1
    cpe:2.3:a:digium:asteriske:1.8.9.1
  • Digium Asterisk 1.8.9.2
    cpe:2.3:a:digium:asterisk:1.8.9.2
  • Digium Asterisk 1.8.9.3
    cpe:2.3:a:digium:asterisk:1.8.9.3
  • Digium Asterisk 1.8.9.0
    cpe:2.3:a:digium:asterisk:1.8.9.0
  • Digium Asterisk 1.8.9.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:1.8.9.0:rc1
  • Digium Asterisk 1.8.9.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:1.8.9.0:rc2
  • Asterisk Certified Asterisk 1.8.11-cert
    cpe:2.3:a:digium:certified_asterisk:1.8.11:cert
  • Asterisk Certified Asterisk 1.8.11-cert1
    cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1
  • Digium Asterisk Open Source 1.8.11.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:1.8.11.0:rc2
  • Digium Asterisk 1.8.11.0
    cpe:2.3:a:digium:asterisk:1.8.11.0
  • Digium Asterisk 1.8.11.1
    cpe:2.3:a:digium:asterisk:1.8.11.1
  • Digium Asterisk Open Source 1.8.11.0 Release Candidate 3
    cpe:2.3:a:digium:asterisk:1.8.11.0:rc3
  • Digium Asterisk 1.8.13.0
    cpe:2.3:a:digium:asterisk:1.8.13.0
  • Digium Asterisk 1.8.13.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:1.8.13.0:rc1
  • Digium Asterisk 1.8.13.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:1.8.13.0:rc2
  • Digium Asterisk 10.0.1
    cpe:2.3:a:digium:asterisk:10.0.1
  • Digium Asterisk 10.0.0 release candidate 2
    cpe:2.3:a:digium:asterisk:10.0.0:rc2
  • Digium Asterisk 10.0.0 release candidate 3
    cpe:2.3:a:digium:asterisk:10.0.0:rc3
  • Digium Asterisk 10.0.0 beta2
    cpe:2.3:a:digium:asterisk:10.0.0:beta2
  • Digium Asterisk 10.0.0 release candidate 1
    cpe:2.3:a:digium:asterisk:10.0.0:rc1
  • Digium Asterisk 10.0.0
    cpe:2.3:a:digium:asterisk:10.0.0
  • Digium Asterisk 10.0.0 beta1
    cpe:2.3:a:digium:asterisk:10.0.0:beta1
  • Digium Asterisk 10.1.3
    cpe:2.3:a:digium:asterisk:10.1.3
  • Digium Asterisk 10.1.2
    cpe:2.3:a:digium:asterisk:10.1.2
  • Digium Asterisk 10.1.1
    cpe:2.3:a:digium:asterisk:10.1.1
  • Digium Asterisk 10.1.0 release candidate 2
    cpe:2.3:a:digium:asterisk:10.1.0:rc2
  • Digium Asterisk 10.1.0 release candidate 1
    cpe:2.3:a:digium:asterisk:10.1.0:rc1
  • Digium Asterisk 10.1.0
    cpe:2.3:a:digium:asterisk:10.1.0
  • Digium Asterisk 10.2.1
    cpe:2.3:a:digium:asterisk:10.2.1
  • Digium Asterisk 10.2.0 release candidate 4
    cpe:2.3:a:digium:asterisk:10.2.0:rc4
  • Digium Asterisk 10.2.0 release candidate 3
    cpe:2.3:a:digium:asterisk:10.2.0:rc3
  • Digium Asterisk 10.2.0 release candidate 2
    cpe:2.3:a:digium:asterisk:10.2.0:rc2
  • Digium Asterisk 10.2.0 release candidate 1
    cpe:2.3:a:digium:asterisk:10.2.0:rc1
  • Digium Asterisk 10.2.0
    cpe:2.3:a:digium:asterisk:10.2.0
  • Digium Asterisk 10.3.1
    cpe:2.3:a:digium:asterisk:10.3.1
  • Digium Asterisk 10.3.0 release candidate 3
    cpe:2.3:a:digium:asterisk:10.3.0:rc3
  • Digium Asterisk 10.3.0 release candidate 2
    cpe:2.3:a:digium:asterisk:10.3.0:rc2
  • Digium Asterisk 10.3.0
    cpe:2.3:a:digium:asterisk:10.3.0
  • Digium Asterisk 10.4.0
    cpe:2.3:a:digium:asterisk:10.4.0
  • Digium Asterisk 10.4.2
    cpe:2.3:a:digium:asterisk:10.4.2
  • Digium Asterisk 10.4.0 release candidate 1
    cpe:2.3:a:digium:asterisk:10.4.0:rc1
  • Digium Asterisk 10.4.0 release candidate 2
    cpe:2.3:a:digium:asterisk:10.4.0:rc2
  • Digium Asterisk 10.4.0 release candidate 3
    cpe:2.3:a:digium:asterisk:10.4.0:rc3
  • Digium Asterisk 10.4.1
    cpe:2.3:a:digium:asterisk:10.4.1
  • Digium Asterisk 10.5.0 release candidate 2
    cpe:2.3:a:digium:asterisk:10.5.0:rc2
  • Digium Asterisk 10.5.0 release candidate 1
    cpe:2.3:a:digium:asterisk:10.5.0:rc1
  • Digium Asterisk 10.5.1
    cpe:2.3:a:digium:asterisk:10.5.1
  • Digium Asterisk 10.5.0
    cpe:2.3:a:digium:asterisk:10.5.0
  • Asterisk Certified Asterisk 1.8.11-cert
    cpe:2.3:a:digium:certified_asterisk:1.8.11:cert
  • Asterisk Certified Asterisk 1.8.11-cert1
    cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1
  • Asterisk Certified Asterisk 1.8.11-cert2
    cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2
  • Asterisk Certified Asterisk 1.8.11-cert3
    cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3
  • Digium Asterisk 10.5.1-digiumphones
    cpe:2.3:a:digium:asterisk:10.5.1:-:digiumphones
  • Digium Asterisk 10.5.0-digiumphones
    cpe:2.3:a:digium:asterisk:10.5.0:-:digiumphones
  • Digium Asterisk 10.5.0-digiumphones-rc2
    cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones
  • Digium Asterisk 10.5.0-digiumphones-rc1
    cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones
  • Digium Asterisk 10.4.0-digiumphones
    cpe:2.3:a:digium:asterisk:10.4.0:-:digiumphones
  • Digium Asterisk 10.3.0-digiumphones
    cpe:2.3:a:digium:asterisk:10.3.0:-:digiumphones
  • Digium Asterisk 10.2.0-digiumphones
    cpe:2.3:a:digium:asterisk:10.2.0:-:digiumphones
  • Digium Asterisk 10.1.0-digiumphones
    cpe:2.3:a:digium:asterisk:10.1.0:-:digiumphones
  • Digium Asterisk 10.0.0-digiumphones
    cpe:2.3:a:digium:asterisk:10.0.0:-:digiumphones
  • Digium Asterisk 10.4.0-digiumphones-rc2
    cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones
  • Digium Asterisk 10.4.0-digiumphones-rc1
    cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones
  • Digium Asterisk 10.3.0-digiumphones-rc3
    cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones
  • Digium Asterisk 10.3.0-digiumphones-rc2
    cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones
  • Digium Asterisk 10.2.0-digiumphones-rc4
    cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones
  • Digium Asterisk 10.2.0-digiumphones-rc3
    cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones
  • Digium Asterisk 10.2.0-digiumphones-rc2
    cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones
  • Digium Asterisk 10.2.0-digiumphones-rc1
    cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones
  • Digium Asterisk 10.1.0-digiumphones-rc2
    cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones
  • Digium Asterisk 10.1.0-digiumphones-rc1
    cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones
  • Digium Asterisk 10.0.0-digiumphones-rc3
    cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones
  • Digium Asterisk 10.0.0-digiumphones-rc2
    cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones
  • Digium Asterisk 10.0.0-digiumphones-rc1
    cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones
  • Digium Asterisk 10.0.0-digiumphones-beta2
    cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones
  • Digium Asterisk 10.0.0-digiumphones-beta1
    cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones
CVSS
Base: 4.0 (as of 10-07-2012 - 12:41)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10324.NASL
    description The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones resolve the following two issues: - If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports. - If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash. These issues and their resolution are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2012-010 and AST-2012-011, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert4 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2-digiumphones The security advisories are available at: - http://downloads.asterisk.org/pub/security/AST-2012-010.pdf - http://downloads.asterisk.org/pub/security/AST-2012-011.pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 60069
    published 2012-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60069
    title Fedora 17 : asterisk-10.5.2-1.fc17 (2012-10324)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-15 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access (CVE-2012-2186). An error in Asterisk could cause all RTP ports to be exhausted (CVE-2012-3812). A double-free error could occur when two parties attempt to manipulate the same voicemail account simultaneously (CVE-2012-3863). Asterisk does not properly implement certain ACL rules (CVE-2012-4737). Impact : A remote, authenticated attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass outbound call restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62344
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62344
    title GLSA-201209-15 : Asterisk: Multiple vulnerabilities
  • NASL family Misc.
    NASL id ASTERISK_AST_2012_011.NASL
    description According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote, authenticated attacker to crash the server. If two remote users interact with a single voicemail account in unspecified ways, memory can be corrupted by a double-free vulnerability and this can further lead to application crashes.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 60065
    published 2012-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60065
    title Asterisk Multiple Caller Simultaneous Voicemail Account Manipulation Double-free Remote DoS (AST-2012-011)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2550.NASL
    description Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation. More detailed information can be found in the Asterisk advisories: AST-2012-010, AST-2012-011, AST-2012-012, and AST-2012-013.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 62188
    published 2012-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62188
    title Debian DSA-2550-2 : asterisk - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_4C1AC2DDC78811E1BE2514DAE9EBCF89.NASL
    description Asterisk project reports : Possible resource leak on uncompleted re-invite transactions. Remote crash vulnerability in voice mail application.
    last seen 2018-12-20
    modified 2018-12-19
    plugin id 59859
    published 2012-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59859
    title FreeBSD : asterisk -- multiple vulnerabilities (4c1ac2dd-c788-11e1-be25-14dae9ebcf89)
refmap via4
bid 54317
confirm
debian DSA-2550
secunia
  • 50687
  • 50756
Last major update 18-04-2013 - 23:24
Published 09-07-2012 - 18:55