Test Kennung:	1.3.6.1.4.1.25623.1.0.802838
Kategorie:	Buffer overflow
Titel:	Asterisk HTTP Manager Buffer Overflow Vulnerability
Zusammenfassung:	Asterisk is prone to a buffer overflow vulnerability.
Beschreibung:	Summary: Asterisk is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to an error in the 'ast_parse_digest()' function (main/utils.c) in HTTP Manager, which fails to handle 'HTTP Digest Authentication' information sent via a crafted request with an overly long string. Vulnerability Impact: Successful exploitation may allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition. Affected Software/OS: Asterisk version 1.8.x before 1.8.10.1, 10.x before 10.2.1 and 10.3.0. Solution: Upgrade to Asterisk 1.8.10.1, 10.2.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1184 1026813 http://www.securitytracker.com/id?1026813 48417 http://secunia.com/advisories/48417 80126 http://osvdb.org/80126 [oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws http://www.openwall.com/lists/oss-security/2012/03/16/10 [oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws http://www.openwall.com/lists/oss-security/2012/03/16/17 asterisk-astparsedigest-bo(74083) https://exchange.xforce.ibmcloud.com/vulnerabilities/74083 http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff http://downloads.asterisk.org/pub/security/AST-2012-003.pdf http://www.asterisk.org/node/51797
Copyright	Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.