4.3

CVE-2012-0885

Exploit
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AsteriskOpen Source Version1.8.0
AsteriskOpen Source Version1.8.0 Updatebeta1
AsteriskOpen Source Version1.8.0 Updatebeta2
AsteriskOpen Source Version1.8.0 Updatebeta3
AsteriskOpen Source Version1.8.0 Updatebeta4
AsteriskOpen Source Version1.8.0 Updatebeta5
AsteriskOpen Source Version1.8.0 Updaterc2
AsteriskOpen Source Version1.8.0 Updaterc3
AsteriskOpen Source Version1.8.0 Updaterc4
AsteriskOpen Source Version1.8.0 Updaterc5
AsteriskOpen Source Version1.8.1
AsteriskOpen Source Version1.8.1 Updaterc1
AsteriskOpen Source Version1.8.1.1
AsteriskOpen Source Version1.8.1.2
AsteriskOpen Source Version1.8.2
AsteriskOpen Source Version1.8.2 Updaterc1
AsteriskOpen Source Version1.8.2.1
AsteriskOpen Source Version1.8.2.2
AsteriskOpen Source Version1.8.2.3
AsteriskOpen Source Version1.8.2.4
AsteriskOpen Source Version1.8.3
AsteriskOpen Source Version1.8.3 Updaterc1
AsteriskOpen Source Version1.8.3 Updaterc2
AsteriskOpen Source Version1.8.3 Updaterc3
AsteriskOpen Source Version1.8.3.1
AsteriskOpen Source Version1.8.3.2
AsteriskOpen Source Version1.8.3.3
AsteriskOpen Source Version1.8.4
AsteriskOpen Source Version1.8.4 Updaterc1
AsteriskOpen Source Version1.8.4 Updaterc2
AsteriskOpen Source Version1.8.4 Updaterc3
AsteriskOpen Source Version1.8.4.1
AsteriskOpen Source Version1.8.4.2
AsteriskOpen Source Version1.8.4.3
AsteriskOpen Source Version1.8.4.4
AsteriskOpen Source Version1.8.5 Updaterc1
AsteriskOpen Source Version1.8.5.0
AsteriskOpen Source Version1.8.6.0
AsteriskOpen Source Version1.8.6.0 Updaterc1
AsteriskOpen Source Version1.8.6.0 Updaterc2
AsteriskOpen Source Version1.8.6.0 Updaterc3
AsteriskOpen Source Version1.8.7.0
AsteriskOpen Source Version1.8.7.0 Updaterc1
AsteriskOpen Source Version1.8.7.0 Updaterc2
AsteriskOpen Source Version1.8.7.1
AsteriskOpen Source Version1.8.7.2
AsteriskOpen Source Version1.8.8.0
AsteriskOpen Source Version1.8.8.0 Updaterc1
AsteriskOpen Source Version1.8.8.0 Updaterc2
AsteriskOpen Source Version1.8.8.0 Updaterc3
AsteriskOpen Source Version1.8.8.0 Updaterc4
AsteriskOpen Source Version1.8.8.0 Updaterc5
AsteriskOpen Source Version1.8.8.1
AsteriskOpen Source Version10.0.0
AsteriskOpen Source Version10.0.0 Updatebeta1
AsteriskOpen Source Version10.0.0 Updatebeta2
AsteriskOpen Source Version10.0.0 Updaterc1
AsteriskOpen Source Version10.0.0 Updaterc2
AsteriskOpen Source Version10.0.0 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.5% 0.826
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff
Patch
http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff
Patch
http://downloads.asterisk.org/pub/security/AST-2012-001.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/01/20/16
http://www.openwall.com/lists/oss-security/2012/01/20/18
https://bugzilla.redhat.com/show_bug.cgi?id=783487
https://issues.asterisk.org/jira/browse/ASTERISK-19202
https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch
Exploit