Published: 02/06/2012 Updated: 13/11/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert prior to 1.8.11-cert2 and Asterisk Open Source 1.8.x prior to 1.8.12.1 and 10.x prior to 10.4.1, when a certain mohinterpret setting is enabled, allows remote malicious users to cause a denial of service (daemon crash) by placing a call on hold.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 6.0
digium asterisk 1.8.0
digium asterisk 1.8.3
digium asterisk 1.8.3.1
digium asterisk 1.8.3.2
digium asterisk 1.8.6.0
digium asterisk 1.8.7.0
digium asterisk 1.8.9.0
digium asterisk 1.8.9.2
digium asterisk 1.8.9.3
digium asterisk 1.8.10.0
digium asterisk 1.8.12.0
digium asterisk 1.8.8.0
digium asterisk 1.8.9.1
digium asterisk 1.8.1
digium asterisk 1.8.1.1
digium asterisk 1.8.2.3
digium asterisk 1.8.4
digium asterisk 1.8.5
digium asterisk 1.8.7.1
digium asterisk 1.8.8.2
digium asterisk 1.8.11.1
digium asterisk 1.8.1.2
digium asterisk 1.8.2
digium asterisk 1.8.2.1
digium asterisk 1.8.2.2
digium asterisk 1.8.4.1
digium asterisk 1.8.4.2
digium asterisk 1.8.4.3
digium asterisk 1.8.4.4
digium asterisk 1.8.10.1
digium asterisk 1.8.11.0
digium asterisk 1.8.2.4
digium asterisk 1.8.3.3
digium asterisk 1.8.5.0
digium asterisk 1.8.8.1
digium asterisk 1.8.12
digium asterisk 10.4.0
digium asterisk 10.1.0
digium asterisk 10.0.1
digium asterisk 10.2.0
digium asterisk 10.0.0
digium asterisk 10.3.0
digium asterisk 10.1.3
digium asterisk 10.1.1
digium asterisk 10.3.1
digium asterisk 10.2.1
digium asterisk 10.1.2
digium certified asterisk 1.8.11

Debian Bug report logs - #675210 asterisk: AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Tzafrir Cohen <tzafrir@debianorg& ...

Debian Bug report logs - #675204 asterisk: AST-2012-007 (CVE-2012-2947): crash on IAX receiving HOLD without MOH class Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Source for asterisk is src:asterisk (PTS, buildd, popcon) Reported by: Tzafrir Cohen <tzafrir ...

Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled) CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cau ...

CWE-284 http://downloads.asterisk.org/pub/security/AST-2012-007.html http://www.debian.org/security/2012/dsa-2493 http://secunia.com/advisories/49303 http://www.securitytracker.com/id?1027102 http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210 https://www.debian.org/security/./dsa-2493

CVE-2012-2947

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect