Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Asterisk
Опубликовано:31 мая 2012 г.
Источник:
SecurityVulns ID:12393
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS-условия при разборе протоколов Skinny и IAX2.
Затронутые продукты:ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.4
CVE:CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.)
 CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.)
Оригинальный текстdocumentASTERISK, AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability (31.05.2012)
 documentASTERISK, AST-2012-007: Remote crash vulnerability in IAX2 channel driver. (31.05.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород