Information Security


Security vulnerabilities in Asterisk
Published: September 2, 2012
Source:
SecurityVulns ID: 12552
Type: remote
Severity level: 5/10
Description: Code execution in Asterisk Manager, bypass of IAX2 restrictions.
Affected products: ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.7
CVE: CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.)
 CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.)
Original text: ASTERISK, AST-2012-013: ACL rules ignored when placing outbound calls by certain IAX2 users (02.09.2012)
 ASTERISK, AST-2012-012: Asterisk Manager User Unauthorized Shell Access (02.09.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod