exploit the possibilities
Showing 1 - 4 of 4 RSS Feed

CVE-2012-2186

Status Candidate

Overview

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

Related Files

Gentoo Linux Security Advisory 201209-15
Posted Sep 27, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 1.8.15.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737
MD5 | 31d0015aecdd99834c07c82c76028d83
Debian Security Advisory 2550-2
Posted Sep 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2550-2 - A regression in the SIP handling code was found in DSA-2550-1.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737
MD5 | 8970971ea1e6c6b2141d29b930df9fc1
Debian Security Advisory 2550-1
Posted Sep 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2550-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737
MD5 | a93dd500afaa4911a3f132cb99f9fc08
Asterisk Project Security Advisory - AST-2012-012
Posted Aug 30, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - The AMI Originate action can allow a remote user to specify information that can be used to execute shell commands on the system hosting Asterisk. This can result in an unwanted escalation of permissions, as the Originate action, which requires the "originate" class authorization, can be used to perform actions that would typically require the "system" class authorization.

tags | advisory, remote, shell
advisories | CVE-2012-2186
MD5 | b23f7089de8bc593b53468fabf54bc9b
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close