Published: 30/04/2012 Updated: 14/12/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x prior to 1.8.11.1 and 10.x prior to 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asterisk open source 1.6.2.0
asterisk open source 1.6.2.4
asterisk open source 1.6.2.5
asterisk open source 1.6.2.8
asterisk open source 1.6.2.10
asterisk open source 1.6.2.11
asterisk open source 1.6.2.14
asterisk open source 1.6.2.15
asterisk open source 1.6.2.17
asterisk open source 1.6.2.18.1
asterisk open source 1.6.2.18.2
asterisk open source 1.6.2.1
asterisk open source 1.6.2.6
asterisk open source 1.6.2.7
asterisk open source 1.6.2.9
asterisk open source 1.6.2.12
asterisk open source 1.6.2.16
asterisk open source 1.6.2.16.1
asterisk open source 1.6.2.17.2
asterisk open source 1.6.2.17.3
asterisk open source 1.6.2.20
asterisk open source 1.6.2.21
asterisk open source 1.6.2.15.1
asterisk open source 1.6.2.17.1
asterisk open source 1.6.2.19
asterisk open source 1.6.2.2
asterisk open source 1.6.2.3
asterisk open source 1.6.2.13
asterisk open source 1.6.2.16.2
asterisk open source 1.6.2.18
asterisk open source 1.6.2.22
asterisk open source 1.6.2.23
asterisk open source 1.8.0
asterisk open source 1.8.2.1
asterisk open source 1.8.2.2
asterisk open source 1.8.3.1
asterisk open source 1.8.3.2
asterisk open source 1.8.1.1
asterisk open source 1.8.1.2
asterisk open source 1.8.3
asterisk open source 1.8.4
asterisk open source 1.8.6.0
asterisk open source 1.8.7.2
asterisk open source 1.8.8.0
asterisk open source 1.8.9.0
asterisk open source 1.8.10.0
asterisk open source 1.8.1
asterisk open source 1.8.2.3
asterisk open source 1.8.2.4
asterisk open source 1.8.5
asterisk open source 1.8.5.0
asterisk open source 1.8.7.0
asterisk open source 1.8.7.1
asterisk open source 1.8.8.1
asterisk open source 1.8.8.2
asterisk open source 1.8.9.3
asterisk open source 1.8.11.0
asterisk open source 1.8.3.3
asterisk open source 1.8.4.3
asterisk open source 1.8.4.4
asterisk open source 1.8.9.1
asterisk open source 1.8.9.2
asterisk open source 1.8.10.1
asterisk open source 1.8.2
asterisk open source 1.8.4.1
asterisk open source 1.8.4.2
asterisk open source 10.0.0
asterisk open source 10.1.0
asterisk open source 10.1.1
asterisk open source 10.2.0
asterisk open source 10.2.1
asterisk open source 10.0.1
asterisk open source 10.3.0
asterisk open source 10.1.2
asterisk open source 10.1.3

Debian Bug report logs - #670180 CVE-2012-2414 CVE-2012-2415 CVE-2012-2416 Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 23 Apr 2012 18 ...

CWE-119 http://downloads.asterisk.org/pub/security/AST-2012-006.html http://secunia.com/advisories/48891 https://issues.asterisk.org/jira/browse/ASTERISK-19770 http://www.securityfocus.com/bid/53205 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75101 http://www.securitytracker.com/id?1026963 http://osvdb.org/81456 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180 https://nvd.nist.gov

CVE-2012-2416

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect