Showing 1 - 4 of 4

CVE-2012-4737

Status Candidate

Overview

channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.

Related Files

Gentoo Linux Security Advisory 201209-15: Posted Sep 27, 2012; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201209-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 1.8.15.1 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737; SHA-256 | bccd128d49f6ddd12f9fdc3ccbed4ad624ecf2505e5d150dfb3ea40d3efb42ed; Download | Favorite | View

Debian Security Advisory 2550-2: Posted Sep 26, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2550-2 - A regression in the SIP handling code was found in DSA-2550-1.; tags | advisory; systems | linux, debian; advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737; SHA-256 | 257470c284274fc1fd3cbf8ec8dbccf6abb979bacacbe6ada54bc3a32de3c9fb; Download | Favorite | View

Debian Security Advisory 2550-1: Posted Sep 19, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2550-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.; tags | advisory, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737; SHA-256 | 0698ea1591368544fbc9b217c600f16c59b3a68703988ddf1eb9742697d1d389; Download | Favorite | View

Asterisk Project Security Advisory - AST-2012-013: Posted Aug 30, 2012; Authored by Matt Jordan | Site asterisk.org; Asterisk Project Security Advisory - When an IAX2 call is made using the credentials of a peer defined in a dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are not applied to the call attempt. This allows for a remote attacker who is aware of a peer's credentials to bypass the ACL rules set for that peer.; tags | advisory, remote; advisories | CVE-2012-4737; SHA-256 | 1dbe89247fe8ae0e746deba8d087c0a2e8f0db2a220148bcfd8d8c829b97520c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2012-4737

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems