Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1183
Last Modified: 28 Dec 2012 11:39:01
Published: 18 Sep 2012 02:55:04
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1183

Summary

Stack-based buffer overflow in the milliwatt_generate function in the Milliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.

Vulnerable Systems

Application

  • Digium Asterisk 1.4.0

  • Digium Asterisk 1.4.1

  • Digium Asterisk 1.4.10

  • Digium Asterisk 1.4.10.1

  • Digium Asterisk 1.4.11

  • Digium Asterisk 1.4.12

  • Digium Asterisk 1.4.12.1

  • Digium Asterisk 1.4.13

  • Digium Asterisk 1.4.14

  • Digium Asterisk 1.4.15

  • Digium Asterisk 1.4.16

  • Digium Asterisk 1.4.16.1

  • Digium Asterisk 1.4.16.2

  • Digium Asterisk 1.4.17

  • Digium Asterisk 1.4.18

  • Digium Asterisk 1.4.19

  • Digium Asterisk 1.4.19.1

  • Digium Asterisk 1.4.19.2

  • Digium Asterisk 1.4.2

  • Digium Asterisk 1.4.20

  • Digium Asterisk 1.4.20.1

  • Digium Asterisk 1.4.21

  • Digium Asterisk 1.4.21.1

  • Digium Asterisk 1.4.21.2

  • Digium Asterisk 1.4.22

  • Digium Asterisk 1.4.22.1

  • Digium Asterisk 1.4.22.2

  • Digium Asterisk 1.4.23

  • Digium Asterisk 1.4.23.1

  • Digium Asterisk 1.4.23.2

  • Digium Asterisk 1.4.24

  • Digium Asterisk 1.4.24.1

  • Digium Asterisk 1.4.25

  • Digium Asterisk 1.4.25.1

  • Digium Asterisk 1.4.26

  • Digium Asterisk 1.4.26.1

  • Digium Asterisk 1.4.26.2

  • Digium Asterisk 1.4.26.3

  • Digium Asterisk 1.4.27

  • Digium Asterisk 1.4.27.1

  • Digium Asterisk 1.4.28

  • Digium Asterisk 1.4.29

  • Digium Asterisk 1.4.29.1

  • Digium Asterisk 1.4.3

  • Digium Asterisk 1.4.30

  • Digium Asterisk 1.4.31

  • Digium Asterisk 1.4.32

  • Digium Asterisk 1.4.33

  • Digium Asterisk 1.4.33.1

  • Digium Asterisk 1.4.34

  • Digium Asterisk 1.4.35

  • Digium Asterisk 1.4.36

  • Digium Asterisk 1.4.37

  • Digium Asterisk 1.4.38

  • Digium Asterisk 1.4.39

  • Digium Asterisk 1.4.39.1

  • Digium Asterisk 1.4.39.2

  • Digium Asterisk 1.4.4

  • Digium Asterisk 1.4.40

  • Digium Asterisk 1.4.40.1

  • Digium Asterisk 1.4.40.2

  • Digium Asterisk 1.4.41

  • Digium Asterisk 1.4.41.1

  • Digium Asterisk 1.4.41.2

  • Digium Asterisk 1.4.42

  • Digium Asterisk 1.4.43

  • Digium Asterisk 1.4.5

  • Digium Asterisk 1.4.6

  • Digium Asterisk 1.4.7

  • Digium Asterisk 1.4.7.1

  • Digium Asterisk 1.4.8

  • Digium Asterisk 1.4.9

  • Digium Asterisk 1.6.0

  • Digium Asterisk 1.6.0.1

  • Digium Asterisk 1.6.0.10

  • Digium Asterisk 1.6.0.11

  • Digium Asterisk 1.6.0.12

  • Digium Asterisk 1.6.0.13

  • Digium Asterisk 1.6.0.14

  • Digium Asterisk 1.6.0.15

  • Digium Asterisk 1.6.0.16

  • Digium Asterisk 1.6.0.17

  • Digium Asterisk 1.6.0.18

  • Digium Asterisk 1.6.0.19

  • Digium Asterisk 1.6.0.2

  • Digium Asterisk 1.6.0.20

  • Digium Asterisk 1.6.0.21

  • Digium Asterisk 1.6.0.22

  • Digium Asterisk 1.6.0.23

  • Digium Asterisk 1.6.0.24

  • Digium Asterisk 1.6.0.25

  • Digium Asterisk 1.6.0.26

  • Digium Asterisk 1.6.0.3

  • Digium Asterisk 1.6.0.4

  • Digium Asterisk 1.6.0.5

  • Digium Asterisk 1.6.0.6

  • Digium Asterisk 1.6.0.7

  • Digium Asterisk 1.6.0.8

  • Digium Asterisk 1.6.0.9

  • Digium Asterisk 1.6.1

  • Digium Asterisk 1.6.1.0

  • Digium Asterisk 1.6.1.1

  • Digium Asterisk 1.6.1.10

  • Digium Asterisk 1.6.1.11

  • Digium Asterisk 1.6.1.12

  • Digium Asterisk 1.6.1.13

  • Digium Asterisk 1.6.1.14

  • Digium Asterisk 1.6.1.15

  • Digium Asterisk 1.6.1.16

  • Digium Asterisk 1.6.1.17

  • Digium Asterisk 1.6.1.18

  • Digium Asterisk 1.6.1.19

  • Digium Asterisk 1.6.1.2

  • Digium Asterisk 1.6.1.20

  • Digium Asterisk 1.6.1.21

  • Digium Asterisk 1.6.1.22

  • Digium Asterisk 1.6.1.23

  • Digium Asterisk 1.6.1.24

  • Digium Asterisk 1.6.1.3

  • Digium Asterisk 1.6.1.4

  • Digium Asterisk 1.6.1.5

  • Digium Asterisk 1.6.1.6

  • Digium Asterisk 1.6.1.7

  • Digium Asterisk 1.6.1.8

  • Digium Asterisk 1.6.1.9

  • Digium Asterisk 1.6.2.0

  • Digium Asterisk 1.6.2.1

  • Digium Asterisk 1.6.2.15

  • Digium Asterisk 1.6.2.16

  • Digium Asterisk 1.6.2.16.1

  • Digium Asterisk 1.6.2.16.2

  • Digium Asterisk 1.6.2.17

  • Digium Asterisk 1.6.2.17.1

  • Digium Asterisk 1.6.2.17.2

  • Digium Asterisk 1.6.2.17.3

  • Digium Asterisk 1.6.2.18

  • Digium Asterisk 1.6.2.18.1

  • Digium Asterisk 1.6.2.18.2

  • Digium Asterisk 1.6.2.19

  • Digium Asterisk 1.6.2.2

  • Digium Asterisk 1.6.2.20

  • Digium Asterisk 1.6.2.21

  • Digium Asterisk 1.6.2.22

  • Digium Asterisk 1.6.2.3

  • Digium Asterisk 1.6.2.4

  • Digium Asterisk 1.6.2.5

  • Digium Asterisk 1.6.2.6

  • Digium Asterisk 1.8.0

  • Digium Asterisk 1.8.1

  • Digium Asterisk 1.8.1.1

  • Digium Asterisk 1.8.1.2

  • Digium Asterisk 1.8.10.0

  • Digium Asterisk 1.8.2

  • Digium Asterisk 1.8.2.1

  • Digium Asterisk 1.8.2.2

  • Digium Asterisk 1.8.2.3

  • Digium Asterisk 1.8.2.4

  • Digium Asterisk 1.8.3

  • Digium Asterisk 1.8.3.1

  • Digium Asterisk 1.8.3.2

  • Digium Asterisk 1.8.3.3

  • Digium Asterisk 1.8.4

  • Digium Asterisk 1.8.4.1

  • Digium Asterisk 1.8.4.2

  • Digium Asterisk 1.8.4.3

  • Digium Asterisk 1.8.4.4

  • Digium Asterisk 1.8.5

  • Digium Asterisk 1.8.5.0

  • Digium Asterisk 1.8.6.0

  • Digium Asterisk 1.8.7.0

  • Digium Asterisk 1.8.7.1

  • Digium Asterisk 1.8.8.0

  • Digium Asterisk 1.8.8.1

  • Digium Asterisk 1.8.8.2

  • Digium Asterisk 1.8.9.0

  • Digium Asterisk 1.8.9.1

  • Digium Asterisk 1.8.9.2

  • Digium Asterisk 1.8.9.3

  • Digium Asterisk 10.0.0

  • Digium Asterisk 10.0.1

  • Digium Asterisk 10.1.0

  • Digium Asterisk 10.1.1

  • Digium Asterisk 10.1.2

  • Digium Asterisk 10.1.3

  • Digium Asterisk 10.2.0


References

XF - asterisk-milliwattgenerate-dos(74082)

BID - 52523

MLIST - [oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws

MLIST - [oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws

CONFIRM - http://www.asterisk.org/node/51797

SECTRACK - 1026812

SECUNIA - 48417

OSVDB - 80125

CONFIRM - http://downloads.asterisk.org/pub/security/AST-2012-002.pdf

CONFIRM - http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff

BUGTRAQ - 20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

DEBIAN - DSA-2460

SECUNIA - 48941


Last Updated: 27 May 2016 11:00:44