PT-2012-4385 · Digium · Asterisk
Mgrobecker
·
Publicado
2012-06-02
·
Atualizado
2017-11-13
·
CVE-2012-2947
CVSS v2.0
2.6
Baixa
| Vetor | AV:N/AC:H/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.8.x through 1.8.12.0
Asterisk Open Source versions 10.x through 10.4.0
Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1
Description
The issue allows remote attackers to cause a denial of service by placing a call on hold when a certain mohinterpret setting is enabled. This can lead to a daemon crash.
Recommendations
For Asterisk Open Source versions 1.8.x through 1.8.12.0, update to version 1.8.12.1 or later.
For Asterisk Open Source versions 10.x through 10.4.0, update to version 10.4.1 or later.
For Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1, update to version 1.8.11-cert2 or later.
Correção
DoS
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk