Digium.Asterisk.Management.HTTP.Digest.Auth.Buffer.Overflow
Description
This indicates an attack attempt against a buffer overflow vulnerability in Digium Asterisk.
The vulnerability is caused by a bounds-checking error in the handling of HTTP Digest Authentication headers in the ast_parse_digest() function used by the Asterisk management interface. A successful attack may allow an attacker to execute arbitrary code on the vulnerable system.
Affected Products
Red Hat Fedora 17
Red Hat Fedora 15
Gentoo Linux
Asterisk Asterisk 10.3.0
Asterisk Asterisk 10.2.0
Asterisk Asterisk 1.8.11.0
Asterisk Asterisk 1.8.10.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply updates or fixes, available from the website:
http://downloads.asterisk.org/pub/security/AST-2012-003.html
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-10-22 | 16.948 | Name:Asterisk.Management.HTTP.Digest.Auth.Buffer.Overflow:Digium.Asterisk.Management.HTTP.Digest.Auth.Buffer.Overflow |