what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2012-2186

Status Candidate

Overview

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.

Related Files

Gentoo Linux Security Advisory 201209-15
Posted Sep 27, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-15 - Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. Versions less than 1.8.15.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737
MD5 | 31d0015aecdd99834c07c82c76028d83
Debian Security Advisory 2550-2
Posted Sep 26, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2550-2 - A regression in the SIP handling code was found in DSA-2550-1.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737
MD5 | 8970971ea1e6c6b2141d29b930df9fc1
Debian Security Advisory 2550-1
Posted Sep 19, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2550-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, allowing privilege escalation in the Asterisk Manager, denial of service or privilege escalation.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737
MD5 | a93dd500afaa4911a3f132cb99f9fc08
Asterisk Project Security Advisory - AST-2012-012
Posted Aug 30, 2012
Authored by Matt Jordan | Site asterisk.org

Asterisk Project Security Advisory - The AMI Originate action can allow a remote user to specify information that can be used to execute shell commands on the system hosting Asterisk. This can result in an unwanted escalation of permissions, as the Originate action, which requires the "originate" class authorization, can be used to perform actions that would typically require the "system" class authorization.

tags | advisory, remote, shell
advisories | CVE-2012-2186
MD5 | b23f7089de8bc593b53468fabf54bc9b
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    8 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close