Debian Asterisk vulnerabilities

204 known vulnerabilities affecting debian/asterisk.

Total CVEs: 204
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: CRITICAL 17 | HIGH 46 | MEDIUM 93 | LOW 46

Vulnerabilities

Page 7 of 11
CVE-2012-1184 | HIGH | CVSS 7.5 | PoC | fixed in asterisk 1:1.8.10.0~dfsg-1 (bullseye) | 2012 | debian
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
Scope: local. bullseye: resolved (fixed in 1:1.8.10.0~dfsg-1). sid: resolved (fixe
CVE-2012-3812 | MEDIUM | CVSS 4.0 | fixed in asterisk 1:1.8.13.1~dfsg-1 (bullseye) | 2012 | debian
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions
CVE-2012-0885 | MEDIUM | CVSS 4.3 | fixed in asterisk 1:1.8.8.2~dfsg-1 (bullseye) | 2012 | debian
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSip
CVE-2012-2415 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:1.8.11.1~dfsg-1 (bullseye) | 2012 | debian
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Scope: local. bullseye: resolved (fixed in 1:1.8.
CVE-2012-5976 | MEDIUM | CVSS 5.0 | fixed in asterisk 1:1.8.13.1~dfsg-2 (bullseye) | 2012 | debian
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or
CVE-2012-3863 | MEDIUM | CVSS 4.0 | fixed in asterisk 1:1.8.13.1~dfsg-1 (bullseye) | 2012 | debian
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenti
CVE-2012-2416 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:1.8.11.1~dfsg-1 (bullseye) | 2012 | debian
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an asso
CVE-2012-4737 | MEDIUM | CVSS 6.0 | fixed in asterisk 1:1.8.13.1~dfsg-1 (bullseye) | 2012 | debian
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users
CVE-2012-1183 | MEDIUM | CVSS 4.3 | fixed in asterisk 1:1.8.10.0~dfsg-1 (bullseye) | 2012 | debian
Stack-based buffer overflow in the milliwatt_generate function in the Milliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an
CVE-2012-2414 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:1.8.11.1~dfsg-1 (bullseye) | 2012 | debian
main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonit
CVE-2012-5977 | MEDIUM | CVSS 4.3 | fixed in asterisk 1:1.8.13.1~dfsg-2 (bullseye) | 2012 | debian
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources
CVE-2012-2948 | MEDIUM | CVSS 4.0 | fixed in asterisk 1:1.8.13.0~dfsg-1 (bullseye) | 2012 | debian
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Scope: local. bullseye: resolved (fixed i
CVE-2012-3553 | MEDIUM | CVSS 4.0 | 2012 | debian
chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
Scope: local. bullseye: resolved. sid: resol
CVE-2012-2947 | LOW | CVSS 2.6 | fixed in asterisk 1:1.8.13.0~dfsg-1 (bullseye) | 2012 | debian
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
Scope: local. bullseye: resolved (fixed in 1:1.8.13.0~dfsg-1). si
CVE-2011-1599 | CRITICAL | CVSS 9.0 | fixed in asterisk 1:1.8.3.3-1 (bullseye) | 2011 | debian
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an
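The two Manager Interface entries above (CVE-2011-1599 and CVE-2012-2414) share a pattern: an authenticated AMI user who was never granted the system write class could still reach command execution through the Originate action. The manager.conf fragments below are an added example, not from cvebase, Debian or the Asterisk project; the account names, the secret placeholder and the click-to-dial scenario are invented. They contrast a permissive configuration with a least-privilege one. The hardened variant does not by itself close either CVE on an unpatched package, since the defect was in Asterisk's own authorization check; what it does is limit who can authenticate to AMI at all and what a leaked integration secret is worth once the package is at or past the fixed versions listed.

```ini
; manager.conf, permissive variant: AMI listens on every interface and a
; single account holds every permission class. A leaked secret is full
; control of the PBX host.
[general]
enabled = yes
webenabled = yes
bindaddr = 0.0.0.0
port = 5038

[pbxadmin]
secret = changeme
read = all
write = all

; manager.conf, least-privilege variant (a separate file, shown here for
; contrast). Hypothetical account "dialer" used by a click-to-dial
; integration running on the same host.
[general]
enabled = yes
webenabled = no             ; AMI over HTTP stays off unless something needs it
bindaddr = 127.0.0.1        ; reach AMI through an SSH tunnel or local proxy, not the LAN
port = 5038

[dialer]
secret = REPLACE_WITH_LONG_RANDOM_SECRET
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
read = call                 ; call-state events only
write = originate           ; no system, no command, no config
```

On the fixed versions the originate class is still the one to hand out sparingly: the fix makes Originate paths that run privileged applications require the system class, and that check only buys something if integration accounts do not hold system in the first place. Keeping the listener on loopback also removes the unauthenticated exposure that the session-exhaustion entry (CVE-2011-1507) describes.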
CVE-2011-4598 | MEDIUM | CVSS 4.3 | fixed in asterisk 1:1.8.8.0~dfsg-1 (bullseye) | 2011 | debian
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
Scope: local. bullseye: resolved (fixed in 1:1.8.8.0~dfsg-1). sid: resolved (
CVE-2011-1174 | MEDIUM | CVSS 5.0 | fixed in asterisk 1:1.8.3.3-1 (bullseye) | 2011 | debian
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
Scope: local. bullseye: resolved (fixed in 1:1.8.3.3-1). sid: resolved (fixed in 1:1.8.3.3-1).
CVE-2011-1507 | MEDIUM | CVSS 5.0 | fixed in asterisk 1:1.8.3.3-1 (bullseye) | 2011 | debian
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via
CVE-2011-2665 | MEDIUM | CVSS 5.0 | fixed in asterisk 1:1.8.4.3-1 (bullseye) | 2011 | debian
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.
Scope: local. bullseye: resolved (fixed in 1:1.8.4.3-1). sid: resolved (fixed in 1:1.8.4.3-1).
CVE-2011-2216 | MEDIUM | CVSS 5.0 | fixed in asterisk 1:1.8.4.2-1 (bullseye) | 2011 | debian
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.
Scope: local. bullseye: resolved (fixed in 1:1.8.4.2-1). sid: resolved (fixed in 1:1.8.4.2-1).
Debian Asterisk vulnerabilities | cvebase