var-201206-0140
Vulnerability from variot
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. Asterisk is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to trigger a NULL-pointer dereference and crash the Asterisk daemon, denying service to legitimate users.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-05
http://security.gentoo.org/
Severity: Normal
Title: Asterisk: Multiple vulnerabilities
Date: June 21, 2012
Bugs: #413353, #418189, #418191
ID: 201206-05
Synopsis
Multiple vulnerabilities in Asterisk might allow remote attackers to execute arbitrary code.
Background
Asterisk is an open source telephony engine and toolkit.
Affected packages
-------------------------------------------------------------------
 Package             /   Vulnerable   /   Unaffected
-------------------------------------------------------------------
 1  net-misc/asterisk      < 1.8.12.1       >= 1.8.12.1
Description
Multiple vulnerabilities have been found in Asterisk:
- An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status (CVE-2012-2414).
- An error in chan_skinny.c could cause a heap-based buffer overflow (CVE-2012-2415).
- An error in chan_sip.c prevents Asterisk from checking if a channel exists before connected line updates (CVE-2012-2416).
- An error in chan_iax2.c may cause an invalid pointer to be called (CVE-2012-2947).
- chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).
Impact
A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.12.1"
References
[ 1 ] CVE-2012-2414
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2414
[ 2 ] CVE-2012-2415
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2415
[ 3 ] CVE-2012-2416
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2416
[ 4 ] CVE-2012-2947
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2947
[ 5 ] CVE-2012-2948
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2948
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Description
When an SCCP client closes its connection to the server, a pointer in a structure is set to NULL. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote user with valid SCCP credentials can therefore close a connection to the server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.
Resolution
The pointer to the device in the structure is now checked before it is dereferenced in the channel event callbacks and message handling functions.
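The teardown-then-callback ordering described above, as an added example that is not chan_skinny.c or any other Asterisk code: a reduced C model in which a session-cleanup routine nulls the line's device pointer when the phone's TCP connection goes away, and a hangup callback runs afterwards on a line that was still off-hook. The struct and function names (skinny_line, skinny_device, skinny_session_cleanup, skinny_hangup_unchecked, skinny_hangup_checked) and the messages_sent counter standing in for messages transmitted to the device are assumptions chosen to read like the driver, not its real definitions. The unchecked handler has the pre-fix shape; the checked one applies the guard the resolution describes.

```c
/*
 * Added example, not Asterisk code: a reduced model of the SCCP
 * line/device lifecycle behind AST-2012-008.  All names here are
 * assumptions chosen to resemble chan_skinny.c, not its real definitions.
 */
#include <stdio.h>

enum hookstate { SKINNY_ONHOOK = 0, SKINNY_OFFHOOK = 1 };

struct skinny_device {
    char name[32];
    int fd;            /* socket to the phone; -1 once the session is gone */
    int messages_sent; /* stands in for messages transmitted to the phone */
};

struct skinny_line {
    char name[32];
    enum hookstate state;
    struct skinny_device *device; /* set to NULL when the session ends */
};

/* Runs when the phone's TCP connection to the server is closed. */
static void skinny_session_cleanup(struct skinny_line *l)
{
    if (l->device)
        l->device->fd = -1;
    l->device = NULL;   /* the pointer later callbacks will dereference */
}

/* Pre-fix shape: trusts l->device unconditionally.  Reaching this on an
 * off-hook line after skinny_session_cleanup() is the crash from the
 * advisory (SIGSEGV on the NULL dereference). */
static int skinny_hangup_unchecked(struct skinny_line *l)
{
    struct skinny_device *d = l->device;
    d->messages_sent++;            /* NULL dereference if the session is gone */
    l->state = SKINNY_ONHOOK;
    return 0;
}

/* Fixed shape: validate the device pointer before every use of it. */
static int skinny_hangup_checked(struct skinny_line *l)
{
    struct skinny_device *d = l->device;
    l->state = SKINNY_ONHOOK;      /* line bookkeeping needs no device */
    if (!d) {
        /* Device already went away: nothing to transmit, report failure. */
        return -1;
    }
    d->messages_sent++;
    return 0;
}

/* Off-hook phone disconnects, then the hangup callback fires.  Returns the
 * callback's result; use_checked == 0 selects the crashing pre-fix path. */
static int simulate_offhook_disconnect(int use_checked)
{
    struct skinny_device dev = { "SEP001122334455", 7, 0 };   /* constructed */
    struct skinny_line line = { "line1", SKINNY_OFFHOOK, &dev };

    skinny_session_cleanup(&line);         /* client closes the connection */
    if (use_checked)
        return skinny_hangup_checked(&line);
    return skinny_hangup_unchecked(&line); /* dereferences NULL */
}

/* Normal path: the device is still connected, so the hangup succeeds and
 * exactly one message goes out.  Returns 0 when every expectation holds. */
static int simulate_normal_hangup(void)
{
    struct skinny_device dev = { "SEP001122334455", 7, 0 };   /* constructed */
    struct skinny_line line = { "line1", SKINNY_OFFHOOK, &dev };

    if (skinny_hangup_checked(&line) != 0)
        return 1;
    if (dev.messages_sent != 1)
        return 2;
    if (line.state != SKINNY_ONHOOK)
        return 3;
    return 0;
}

int main(void)
{
    printf("checked hangup after disconnect returned %d (expected -1)\n",
           simulate_offhook_disconnect(1));
    printf("normal hangup result code %d (expected 0)\n",
           simulate_normal_hangup());
    /* simulate_offhook_disconnect(0) would crash the process. */
    return 0;
}
```

The guard belongs in every callback and message handler that can run after cleanup, which is why the resolution lists both the channel event callbacks and the message handling functions rather than a single site; resetting the line's own state before the NULL check keeps the line consistent even when the device is already gone.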
Affected Versions
Product                  Release Series
Asterisk Open Source     1.8.x            All Versions
Asterisk Open Source     10.x             All Versions
Certified Asterisk       1.8.11-cert      1.8.11-cert1
Corrected In
Product                  Release
Asterisk Open Source     1.8.12.1, 10.4.1
Certified Asterisk       1.8.11-cert2
Patches
SVN URL                                                                      Revision
http://downloads.asterisk.org/pub/security/AST-2012-008-1.8.diff             v1.8
http://downloads.asterisk.org/pub/security/AST-2012-008-10.diff              v10
http://downloads.asterisk.org/pub/security/AST-2012-008-1.8.11-cert.diff     v1.8.11-cert
Links https://issues.asterisk.org/jira/browse/ASTERISK-19905
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2012-008.pdf and
http://downloads.digium.com/pub/security/AST-2012-008.html
Revision History
Date Editor Revisions Made
05/25/2012 Matt Jordan Initial Release
Asterisk Project Security Advisory - AST-2012-008
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Full-Disclosure - We believe in it.
In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names (CVE-2011-2666). System administrators concerned by this user-enumeration vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1:1.8.13.0~dfsg-1.
We recommend that you upgrade your asterisk packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
----------------------------------------------------------------------
TITLE: Asterisk Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA49303
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49303/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49303
RELEASE DATE: 2012-05-30
DISCUSS ADVISORY: http://secunia.com/advisories/49303/#comments
DESCRIPTION: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) An error in the IAX2 channel driver (channels/chan_iax2.c) when placing an established call on hold can be exploited to cause a crash via specially crafted packets.
Successful exploitation of this vulnerability requires that the setting mohinterpret=passthrough is set and that the call is placed on hold without a suggested music-on-hold class name.
2) An error in SCCP (Skinny) channel driver (channels/chan_skinny.c) when handling termination of a client's connection can be exploited to cause a crash by closing a connection to the server in certain call states.
The vulnerabilities are reported in versions 1.8.11-cert prior to 1.8.11-cert2, 1.8.x prior to 1.8.12.1, and 10.x prior to 10.4.1.
SOLUTION: Update to a fixed version.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) mgrobecker 2) Christoph Hebeisen
ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2012-007.html http://downloads.asterisk.org/pub/security/AST-2012-008.html
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0140", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "open source", "scope": "eq", "trust": 1.6, "vendor": "asterisk", "version": "10.0.0" }, { "model": "open source", "scope": "eq", "trust": 1.6, "vendor": "asterisk", "version": "10.1.0" }, { "model": "open source", "scope": "eq", "trust": 1.6, "vendor": "asterisk", "version": "10.2.0" }, 
{ "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.2" }, { "model": "asterisk", "scope": "lte", "trust": 1.0, "vendor": "sangoma", "version": "10.4.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.8.0" }, { "model": "certified asterisk", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.11" }, { "model": "asterisk", "scope": "lte", "trust": 1.0, "vendor": "sangoma", "version": "1.8.12.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.6.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.11.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.7.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.9.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "10.3.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "10.4.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.5" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.10.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.3" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.1" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "10.3" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.12" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": "1.8.12.0" }, { "model": "open source", "scope": "eq", "trust": 1.0, "vendor": "asterisk", "version": 
"1.8.5.0" }, { "model": "asterisk open source", "scope": "lt", "trust": 0.8, "vendor": "digium", "version": "1.8.x" }, { "model": "certified asterisk", "scope": "lt", "trust": 0.8, "vendor": "digium", "version": "1.8.11-cert" }, { "model": "certified asterisk", "scope": "eq", "trust": 0.8, "vendor": "digium", "version": "1.8.11-cert2" }, { "model": "asterisk open source", "scope": "eq", "trust": 0.8, "vendor": "digium", "version": "1.8.12.1" }, { "model": "asterisk open source", "scope": "eq", "trust": 0.8, "vendor": "digium", "version": "10.4.1" }, { "model": "asterisk open source", "scope": "lt", "trust": 0.8, "vendor": "digium", "version": "10.x" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "certified asterisk 1.8.11-cert1", "scope": null, "trust": 0.3, "vendor": "asterisk", "version": null }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "10.0.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "10.0" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.82" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": 
"1.8.42" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.41" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.24" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "10.3.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "10.3.0" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "10.2.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "10.2.0" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.7.2" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.7.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.4.4" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.4.3" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.3.3" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.3.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.2.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.11.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.11.0" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.10.1" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.10.0" }, { "model": "asterisk", "scope": "eq", "trust": 0.3, "vendor": "asterisk", "version": "1.8.1.2" }, { "model": "certified asterisk 
1.8.11-cert2", "scope": "ne", "trust": 0.3, "vendor": "asterisk", "version": null }, { "model": "asterisk", "scope": "ne", "trust": 0.3, "vendor": "asterisk", "version": "10.4.1" }, { "model": "asterisk", "scope": "ne", "trust": 0.3, "vendor": "asterisk", "version": "1.8.12.1" } ], "sources": [ { "db": "BID", "id": "53723" }, { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "CNNVD", "id": "CNNVD-201205-525" }, { "db": "NVD", "id": "CVE-2012-2948" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:digium:open_source", "vulnerable": true }, { "cpe22Uri": "cpe:/a:digium:certified_asterisk", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002590" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Christoph Hebeisen", "sources": [ { "db": "BID", "id": "53723" }, { "db": "CNNVD", "id": "CNNVD-201205-525" } ], "trust": 0.9 }, "cve": "CVE-2012-2948", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": 
"https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2012-2948", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-2948", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-2948", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201205-525", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "CNNVD", "id": "CNNVD-201205-525" }, { "db": "NVD", "id": "CVE-2012-2948" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. Asterisk is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to trigger a NULL-pointer dereference and cause a system crash, denying service to legitimate users. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Asterisk: Multiple vulnerabilities\n Date: June 21, 2012\n Bugs: #413353, #418189, #418191\n ID: 201206-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Asterisk might allow remote attackers to\nexecute arbitrary code. \n\nBackground\n==========\n\nAsterisk is an open source telephony engine and toolkit. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/asterisk \u003c 1.8.12.1 \u003e= 1.8.12.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in Asterisk:\n\n* An error in manager.c allows shell access through the MixMonitor\n application, GetVar, or Status (CVE-2012-2414). \n* An error in chan_skinny.c could cause a heap-based buffer overflow\n (CVE-2012-2415). \n* An error in chan_sip.c prevents Asterisk from checking if a channel\n exists before connected line updates (CVE-2012-2416). \n* An error in chan_iax2.c may cause an invalid pointer to be called\n (CVE-2012-2947). \n* chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948). \n\nImpact\n======\n\nA remote attacker could execute arbitrary code with the privileges of\nthe process or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Asterisk users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/asterisk-1.8.12.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2414\n[ 2 ] CVE-2012-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2415\n[ 3 ] CVE-2012-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2416\n[ 4 ] CVE-2012-2947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2947\n[ 5 ] CVE-2012-2948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2948\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. When an SCCP client \n closes its connection to the server, a pointer in a \n structure is set to Null. If the client was not in the \n on-hook state at the time the connection was closed, this \n pointer is later dereferenced. \"Off hook\") to crash \n the server. Successful exploitation of this vulnerability \n would result in termination of the server, causing denial \n of service to legitimate users.\" \n\n Resolution The pointer to the device in the structure is now checked \n before it is dereferenced in the channel event callbacks and \n message handling functions. 
\n\n Affected Versions\n Product Release Series \n Asterisk Open Source 1.8.x All Versions \n Asterisk Open Source 10.x All Versions \n Certified Asterisk 1.8.11-cert 1.8.11-cert1 \n\n Corrected In\n Product Release \n Asterisk Open Source 1.8.12.1, 10.4.1 \n Certified Asterisk 1.8.11-cert2 \n\n Patches \n SVN URL Revision \nhttp://downloads.asterisk.org/pub/security/AST-2012-008-1.8.diff v1.8 \nhttp://downloads.asterisk.org/pub/security/AST-2012-008-10.diff v10 \nhttp://downloads.asterisk.org/pub/security/AST-2012-008-1.8.11-cert.diff v1.8.11-cert \n\n Links https://issues.asterisk.org/jira/browse/ASTERISK-19905 \n\n Asterisk Project Security Advisories are posted at \n http://www.asterisk.org/security \n \n This document may be superseded by later versions; if so, the latest \n version will be posted at \n http://downloads.digium.com/pub/security/AST-2012-008.pdf and \n http://downloads.digium.com/pub/security/AST-2012-008.html \n\n Revision History\n Date Editor Revisions Made \n 05/25/2012 Matt Jordan Initial Release \n\n Asterisk Project Security Advisory - AST-2012-008\n Copyright (c) 2012 Digium, Inc. All Rights Reserved. \n Permission is hereby granted to distribute and publish this advisory in its\n original, unaltered form. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\nIn addition, it was discovered that Asterisk does not set the\nalwaysauthreject option by default in the SIP channel driver. This\nallows remote attackers to observe a difference in response behavior\nand check for the presence of account names. (CVE-2011-2666) System\nadministrators concerned by this user enumerating vulnerability should\nenable the alwaysauthreject option in the configuration. We do not\nplan to change the default setting in the stable version\n(Asterisk 1.6) in order to preserve backwards compatibility. 
\n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1:1.8.13.0~dfsg-1. \n\nWe recommend that you upgrade your asterisk packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niQEcBAEBAgAGBQJP15u9AAoJEL97/wQC1SS+Pu0H/0ZPFRSNpL+hJKd7b5FGF6al\nBZSp51eAC0d2mEFWMml4DAvx6u1gMPzrO9PPNgsEc6gxNyD4Stj+rF54h6X5i5NR\nZSlyeQTQ292J18+LdANYWwxQJyzNNthNmYL/2AiR6z2BRnD3ZqHiPbWGv0FV4Vyw\nrT8fZ7ujp7CQlFGwcqjPxUzBqEq5U2raN2K9BoP6zpu8mHf9WzcmL4KZR/wJxMkf\n04McrMttF++gM3atFSSXCWC5Bpj8q0xpr3YIv0dI8+fWPFpevNX2MBM+diS06iNc\nPUWfCPTy2Psl46dC3J+JeF8TPWE/HCmV98DD54DEv0R1tPUmNm362dtfiutiBbQ=\n=Wy1e\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. 
\nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nAsterisk Two Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49303\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49303/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49303\n\nRELEASE DATE:\n2012-05-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49303/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49303/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49303\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Asterisk, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\n1) An error in IAX2 channel driver within the\n\"handle_request_update()\" function (channels/chan_sip.c) when placing\nan established call on hold can be exploited to cause a crash via\nspecially crafted packets. \n\nSuccessful exploitation of this vulnerability requires that the\nsetting mohinterpret=passthrough is set and that the call is placed\non hold without a suggested music-on-hold class name. 
\n\n2) An error in SCCP (Skinny) channel driver (channels/chan_skinny.c)\nwhen handling termination of a client\u0027s connection can be exploited\nto cause a crash by closing a connection to the server in certain\ncall states. \n\nThe vulnerabilities are reported in versions 1.8.11-cert prior to\n1.8.11-cert2, 1.8.x prior to 1.8.12.1, and 10.x prior to 10.4.1. \n\nSOLUTION:\nUpdate to a fixed version. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) mgrobecker\n2) Christoph Hebeisen\n\nORIGINAL ADVISORY:\nhttp://downloads.asterisk.org/pub/security/AST-2012-007.html\nhttp://downloads.asterisk.org/pub/security/AST-2012-008.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
----------------------------------------------------------------------
", "sources": [ { "db": "NVD", "id": "CVE-2012-2948" }, { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "BID", "id": "53723" }, { "db": "PACKETSTORM", "id": "113979" }, { "db": "PACKETSTORM", "id": "113113" }, { "db": "PACKETSTORM", "id": "113546" }, { "db": "PACKETSTORM", "id": "113124" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-2948", "trust": 3.0 }, { "db": "BID", "id": "53723", "trust": 1.9 }, { "db": "SECUNIA", "id": "49303", "trust": 1.7 }, { "db": "SECTRACK", "id": "1027103", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2012-002590", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201205-525", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "113979", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113113", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113546", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113124", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "53723" }, { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "PACKETSTORM", "id": "113979" }, { "db": "PACKETSTORM", "id": "113113" }, { "db": "PACKETSTORM", "id": "113546" }, { "db": "PACKETSTORM", "id": "113124" }, { "db": "CNNVD", "id": "CNNVD-201205-525" }, { "db": "NVD", "id": "CVE-2012-2948" } ] }, "id": "VAR-201206-0140", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } 
], "trust": 0.348297215 }, "last_update_date": "2024-11-23T21:02:58.171000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "AST-2012-008", "trust": 0.8, "url": "http://downloads.asterisk.org/pub/security/AST-2012-008.html" }, { "title": "DSA-2493", "trust": 0.8, "url": "http://www.debian.org/security/2012/dsa-2493" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002590" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "NVD", "id": "CVE-2012-2948" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://downloads.asterisk.org/pub/security/ast-2012-008.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/53723" }, { "trust": 1.6, "url": "http://secunia.com/advisories/49303" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937" }, { "trust": 1.0, "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html" }, { "trust": 1.0, "url": "http://www.debian.org/security/2012/dsa-2493" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1027103" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2948" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2948" }, { "trust": 0.3, "url": "http://www.asterisk.org/" }, { "trust": 0.3, "url": 
"http://downloads.asterisk.org/pub/security/ast-2012-008.pdf" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2948" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2947" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2948" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2415" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-05.xml" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2414" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2947" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2416" }, { "trust": 0.1, "url": "http://www.asterisk.org/security" }, { "trust": 0.1, "url": "https://issues.asterisk.org/jira/browse/asterisk-19905" }, { "trust": 0.1, "url": "http://downloads.asterisk.org/pub/security/ast-2012-008-1.8.diff" }, { "trust": 0.1, "url": "http://downloads.digium.com/pub/security/ast-2012-008.html" }, { "trust": 0.1, "url": "http://downloads.digium.com/pub/security/ast-2012-008.pdf" }, { "trust": 0.1, "url": "http://downloads.asterisk.org/pub/security/ast-2012-008-10.diff" }, { "trust": 0.1, "url": "http://downloads.asterisk.org/pub/security/ast-2012-008-1.8.11-cert.diff" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49303" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49303/" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://downloads.asterisk.org/pub/security/ast-2012-007.html" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/49303/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "53723" }, { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "PACKETSTORM", "id": "113979" }, { "db": "PACKETSTORM", "id": "113113" }, { "db": 
"PACKETSTORM", "id": "113546" }, { "db": "PACKETSTORM", "id": "113124" }, { "db": "CNNVD", "id": "CNNVD-201205-525" }, { "db": "NVD", "id": "CVE-2012-2948" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "53723" }, { "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "db": "PACKETSTORM", "id": "113979" }, { "db": "PACKETSTORM", "id": "113113" }, { "db": "PACKETSTORM", "id": "113546" }, { "db": "PACKETSTORM", "id": "113124" }, { "db": "CNNVD", "id": "CNNVD-201205-525" }, { "db": "NVD", "id": "CVE-2012-2948" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-05-29T00:00:00", "db": "BID", "id": "53723" }, { "date": "2012-06-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "date": "2012-06-21T04:39:39", "db": "PACKETSTORM", "id": "113979" }, { "date": "2012-05-29T23:38:21", "db": "PACKETSTORM", "id": "113113" }, { "date": "2012-06-12T20:50:36", "db": "PACKETSTORM", "id": "113546" }, { "date": "2012-05-30T03:42:47", "db": "PACKETSTORM", "id": "113124" }, { "date": "2012-05-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-525" }, { "date": "2012-06-02T15:55:01.027000", "db": "NVD", "id": "CVE-2012-2948" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-06-22T00:10:00", "db": "BID", "id": "53723" }, { "date": "2012-06-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002590" }, { "date": "2012-06-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201205-525" }, { "date": "2024-11-21T01:40:00.380000", "db": "NVD", "id": "CVE-2012-2948" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "113979" }, { "db": "PACKETSTORM", "id": "113113" }, { "db": "CNNVD", "id": "CNNVD-201205-525" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Certified Asterisk and Asterisk Open Source Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002590" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201205-525" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.