PT-2012-5015 · Digium · Asterisk Digiumphones+2
Nicolas Bouliane
·
Publicado
2012-07-09
·
Atualizado
2013-04-19
·
CVE-2012-3812
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.8.x through 1.8.13.0
Asterisk Open Source version 10.x through 10.5.1
Certified Asterisk versions 1.8.11-certx through 1.8.11-cert3
Asterisk Digiumphones versions 10.x.x-digiumphones through 10.5.1-digiumphones
Description
The issue allows remote authenticated users to cause a denial of service by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox, resulting in a daemon crash.
Recommendations
For Asterisk Open Source versions 1.8.x through 1.8.13.0, update to version 1.8.13.1 or later.
For Asterisk Open Source version 10.x through 10.5.1, update to version 10.5.2 or later.
For Certified Asterisk versions 1.8.11-certx through 1.8.11-cert3, update to version 1.8.11-cert4 or later.
For Asterisk Digiumphones versions 10.x.x-digiumphones through 10.5.1-digiumphones, update to version 10.5.2-digiumphones or later.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk Digiumphones
Asterisk Open Source
Certified Asterisk