NASLDB: Asterisk Remote Crash Vulnerability in IAX2 Channel Driver (AST-2012-007)
General
ID: 59503
Name: Asterisk Remote Crash Vulnerability in IAX2 Channel Driver (AST-2012-007)
Summary: Checks version in SIP banner.
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: –
Family: Misc.
Type: Remote
Description
According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by a vulnerability
that may allow a remote attacker to crash the server. This issue may
be exploited when a call is put on hold and the entity placing the
call on hold contains the configuration item ‘mohinterpret’ set to the
value ‘passthrough’. An additional requirement is that the call is
placed on hold with no ‘music-on-hold’ class name selected.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2012-2947
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/05/29
Patch Release: 2012/05/29
Plugin Release: 2012/06/14
Plugin
Version: 1.2
Filename: asterisk_ast_2012_007.nasl
Filesize: 3696 bytes
MD5 Hash: 86970b830640bfc1d5da651081598f9b
Identification: –
Require Keys: "Services/udp/sip", "Settings/ParanoidReport"
Dependencies: "sip_detection.nasl"
Copyright: This script is Copyright © 2012 Tenable Network Security, Inc.













