CVE-2012-5976
https://notcve.org/view.php?id=CVE-2012-5976
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v11.x anteriores a v11.1.2; Certified Asterisk v1.8.11 anteriores a v1.8.11-cert10; y Asterisk Digiumphones 10.x-digiumphones anteriores a 10.11.1-digiumphones permite a atacantes remotos provocar una denegación de servicio (caíde del demonio) a través de datos TCP usando los protocolos (1) SIP, (2) HTTP, o (3) XMPP. • http://downloads.asterisk.org/pub/security/AST-2012-014 http://www.debian.org/security/2013/dsa-2605 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-4737
https://notcve.org/view.php?id=CVE-2012-4737
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. channels/chan_iax2.c en Asterisk Open Source v1.8.x antes de v1.8.15.1 y v10.x antes de v10.7.1, Certified Asterisk v1.8.11-1.8.11 antes de cert7, Digiumphones Asterisk v10.xx-digiumphones antes de v10.7.1-digiumphones y Asterisk Business Edition C.3.x antes de C.3.7.6 no hace cumplir las reglas de ACL durante ciertos usos del par de credenciales, lo que permite a usuarios remotos autenticados eludir las restricciones de llamadas de salida aprovechándose de la disponibilidad de estas credenciales. • http://downloads.asterisk.org/pub/security/AST-2012-013.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securityfocus.com/bid/55335 http://www.securitytracker.com/id?1027461 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3863
https://notcve.org/view.php?id=CVE-2012-3863
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. Asterisk Open Source v1.8.x anterior a v1.8.13.1 y v10.x anterior a v10.5.2, Asterisk Business Edition vC.3.x anterior a vC.3.7.5, Certified Asterisk v1.8.11-certx anterior a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anterior a v10.5.2-digiumphones no maneja una respuesta provisional a una petición SIP reINVITE de forma adecuada, lo que permite a atacantes remotos autenticados provocar una denegación de servicio (agotamiento de puerto RTP) a través de sesiones que carecen de repuestas finales. • http://downloads.asterisk.org/pub/security/AST-2012-010.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securityfocus.com/bid/54327 https://issues.asterisk.org/jira/browse/ASTERISK-19992 • CWE-399: Resource Management Errors •
CVE-2012-3812
https://notcve.org/view.php?id=CVE-2012-3812
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. vulnerabilidad de doble liberación en apps/app_voicemail.c en Asterisk Open Source v1.8.x anteriores v1.8.13.1 y v10.x anteriores a v10.5.2, Certified Asterisk v1.8.11-certx anteriores a v1.8.11-cert4, y Asterisk Digiumphones v10.x.x-digiumphones anteriores a v10.5.2-digiumphones permite a usuarios autenticados remotos a provocar una denegación de servicio (caída del demonio) debido al establecimiento de múltiples sesiones correo de voz y accediendo a buzón urgente (Urgent) a través del buzón de entrada INBOX. • http://downloads.asterisk.org/pub/security/AST-2012-011.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://www.securityfocus.com/bid/54317 https://issues.asterisk.org/jira/browse/ASTERISK-20052 • CWE-399: Resource Management Errors •
CVE-2012-2947
https://notcve.org/view.php?id=CVE-2012-2947
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, cuando una determinada opción mohinterpret está habilitada, permite a atacantes remotos causar una denegación de servicio (caída de demonio) mediante la colocación de una llamada en espera. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html http://downloads.asterisk.org/pub/security/AST-2012-007.html http://secunia.com/advisories/49303 http://www.debian.org/security/2012/dsa-2493 http://www.securitytracker.com/id?1027102 • CWE-284: Improper Access Control •