Summary
This host is running Asterisk and is prone to buffer overflow vulnerability.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition.
Impact Level: System/Application
Solution
Upgrade to Asterisk 1.8.10.1, 10.2.1 or later,
For updates refer to http://downloads.asterisk.org/pub/security/AST-2012-003.html
Insight
The flaw is due to an error in the 'ast_parse_digest()' function (main/utils.c) in HTTP Manager, which fails to handle 'HTTP Digest Authentication' information sent via a crafted request with an overly long string.
Affected
Asterisk version 1.8.x before 1.8.10.1, 10.x before 10.2.1 and 10.3.0
References
Severity
Classification
-
CVE CVE-2012-1184 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
- Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Windows)
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)