CVE-2012-2947 - Improper Access Control

Severity

26%

Complexity

49%

Confidentiality

48%

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P).

Overview

First reported 12 years ago

2012-06-02 15:55:00

Last updated 7 years ago

2017-11-13 16:44:00

Affected Software

Debian GNU/Linux 6.0

6.0

Digium Asterisk 1.8.0

1.8.0

Digium Asterisk 1.8.0 Beta 1

1.8.0

Digium Asterisk 1.8.0 Beta 2

1.8.0

Digium Asterisk 1.8.0 Beta 3

1.8.0

Digium Asterisk 1.8.0 Beta 4

1.8.0

Digium Asterisk 1.8.0 Beta 5

1.8.0

Digium Asterisk 1.8.0 Release Candidate 2

1.8.0

Digium Asterisk 1.8.0 Release Candidate 3

1.8.0

Digium Asterisk 1.8.0 Release Candidate 4

1.8.0

Digium Asterisk 1.8.0 Release Candidate 5

1.8.0

Digium Asterisk 1.8.1

1.8.1

Digium Asterisk 1.8.1 Release Candidate 1

1.8.1

Digium Asterisk 1.8.1.1

1.8.1.1

Digium Asterisk 1.8.1.2

1.8.1.2

Digium Asterisk 1.8.2

1.8.2

Digium Asterisk 1.8.2.1

1.8.2.1

Digium Asterisk 1.8.2.2

1.8.2.2

Digium Asterisk 1.8.2.3

1.8.2.3

Digium Asterisk 1.8.2.4

1.8.2.4

Digium Asterisk 1.8.3

1.8.3

Digium Asterisk 1.8.3 Release Candidate 1

1.8.3

Digium Asterisk 1.8.3 Release Candidate 2

1.8.3

Digium Asterisk 1.8.3 Release Candidate 3

1.8.3

Digium Asterisk 1.8.3.1

1.8.3.1

Digium Asterisk 1.8.3.2

1.8.3.2

Digium Asterisk 1.8.3.3

1.8.3.3

Digium Asterisk 1.8.4

1.8.4

Digium Asterisk 1.8.4 Release Candidate 1

1.8.4

Digium Asterisk 1.8.4 Release Candidate 2

1.8.4

Digium Asterisk 1.8.4 Release Candidate 3

1.8.4

Digium Asterisk 1.8.4.1

1.8.4.1

Digium Asterisk 1.8.4.2

1.8.4.2

Digium Asterisk 1.8.4.3

1.8.4.3

Digium Asterisk 1.8.4.4

1.8.4.4

Digium Asterisk 1.8.5

1.8.5

Digium Asterisk 1.8.5 release candidate 1

1.8.5

Digium Asterisk 1.8.5.0

1.8.5.0

Digium Asterisk 1.8.6.0

1.8.6.0

Digium Asterisk 1.8.6.0 release candidate 1

1.8.6.0

Digium Asterisk 1.8.6.0 release candidate 2

1.8.6.0

Digium Asterisk 1.8.6.0 release candidate 3

1.8.6.0

Digium Asterisk 1.8.7.0

1.8.7.0

Digium Asterisk 1.8.7.0 release candidate 1

1.8.7.0

Digium Asterisk 1.8.7.0 release candidate 2

1.8.7.0

Digium Asterisk 1.8.7.1

1.8.7.1

Digium Asterisk 1.8.8.0

1.8.8.0

Digium Asterisk 1.8.8.0 release candidate 1

1.8.8.0

Digium Asterisk 1.8.8.0 release candidate 2

1.8.8.0

Digium Asterisk 1.8.8.0 release candidate 3

1.8.8.0

Digium Asterisk 1.8.8.0 release candidate 4

1.8.8.0

Digium Asterisk 1.8.8.0 release candidate 5

1.8.8.0

Digium Asterisk 1.8.8.1

1.8.8.1

Digium Asterisk 1.8.8.2

1.8.8.2

Digium Asterisk 1.8.9.0

1.8.9.0

Digium Asterisk 1.8.9.0 Release Candidate 1

1.8.9.0

Digium Asterisk 1.8.9.0 Release Candidate 2

1.8.9.0

Digium Asterisk 1.8.9.0 Release Candidate 3

1.8.9.0

Digium Asterisk 1.8.9.1

1.8.9.1

Digium Asterisk 1.8.9.2

1.8.9.2

Digium Asterisk 1.8.9.3

1.8.9.3

Digium Asterisk Open Source 1.8.10.0

1.8.10.0

Digium Asterisk Open Source 1.8.10.0 Release Candidate 1

1.8.10.0

Digium Asterisk Open Source 1.8.10.0 Release Candidate 2

1.8.10.0

Digium Asterisk Open Source 1.8.10.0 Release Candidate 3

1.8.10.0

Digium Asterisk Open Source 1.8.10.0 Release Candidate 4

1.8.10.0

Digium Asterisk 1.8.10.1

1.8.10.1

Digium Asterisk Open Source 1.8.11.0

1.8.11.0

Digium Asterisk Open Source 1.8.11.0 Release Candidate 2

1.8.11.0

Digium Asterisk Open Source 1.8.11.0 Release Candidate 3

1.8.11.0

Digium Asterisk Open Source 1.8.11.1

1.8.11.1

Digium Asterisk Open Source 1.8.1.12

1.8.12

Digium Asterisk Open Source 1.8.1.12.0

1.8.12.0

Digium Asterisk 1.8.12.0 release candidate 1

1.8.12.0

Digium Asterisk 1.8.12.0 release candidate 2

1.8.12.0

Digium Asterisk 1.8.12.0 release candidate 3

1.8.12.0

Digium Asterisk 10.0.0

10.0.0

Digium Asterisk 10.0.0 beta1

10.0.0

Digium Asterisk 10.0.0 beta2

10.0.0

Digium Asterisk 10.0.0 release candidate 1

10.0.0

Digium Asterisk 10.0.0 release candidate 2

10.0.0

Digium Asterisk 10.0.0 release candidate 3

10.0.0

Digium Asterisk 10.0.1

10.0.1

Digium Asterisk 10.1.0

10.1.0

Digium Asterisk 10.1.0 release candidate 1

10.1.0

Digium Asterisk 10.1.0 release candidate 2

10.1.0

Digium Asterisk 10.1.1

10.1.1

Digium Asterisk 10.1.2

10.1.2

Digium Asterisk 10.1.3

10.1.3

Digium Asterisk 10.2.0

10.2.0

Digium Asterisk 10.2.0 release candidate 1

10.2.0

Digium Asterisk 10.2.0 release candidate 2

10.2.0

Digium Asterisk 10.2.0 release candidate 3

10.2.0

Digium Asterisk 10.2.0 release candidate 4

10.2.0

Digium Asterisk 10.2.1

10.2.1

Digium Asterisk 10.3.0

10.3.0

Digium Asterisk 10.3.0 release candidate 2

10.3.0

Digium Asterisk 10.3.0 release candidate 3

10.3.0

Digium Asterisk 10.3.1

10.3.1

Digium Asterisk 10.4.0

10.4.0

Digium Asterisk 10.4.0 release candidate 1

10.4.0

Digium Asterisk 10.4.0 release candidate 2

10.4.0

Digium Asterisk 10.4.0 release candidate 3

10.4.0

Asterisk Certified Asterisk 1.8.11-cert

1.8.11

Asterisk Certified Asterisk 1.8.11-cert1

1.8.11

References

20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.

Broken Link

http://downloads.asterisk.org/pub/security/AST-2012-007.html

Vendor Advisory

49303

Not Applicable

DSA-2493

Third Party Advisory

1027102

Third Party Advisory, VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.