ID de Prueba:	1.3.6.1.4.1.25623.1.0.802838
Categoría:	Buffer overflow
Título:	Asterisk HTTP Manager Buffer Overflow Vulnerability
Resumen:	Asterisk is prone to a buffer overflow vulnerability.
Descripción:	Summary: Asterisk is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to an error in the 'ast_parse_digest()' function (main/utils.c) in HTTP Manager, which fails to handle 'HTTP Digest Authentication' information sent via a crafted request with an overly long string. Vulnerability Impact: Successful exploitation may allow remote attackers to execute arbitrary code within the context of the application or cause a denial of service condition. Affected Software/OS: Asterisk version 1.8.x before 1.8.10.1, 10.x before 10.2.1 and 10.3.0. Solution: Upgrade to Asterisk 1.8.10.1, 10.2.1 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1184 1026813 http://www.securitytracker.com/id?1026813 48417 http://secunia.com/advisories/48417 80126 http://osvdb.org/80126 [oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws http://www.openwall.com/lists/oss-security/2012/03/16/10 [oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws http://www.openwall.com/lists/oss-security/2012/03/16/17 asterisk-astparsedigest-bo(74083) https://exchange.xforce.ibmcloud.com/vulnerabilities/74083 http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff http://downloads.asterisk.org/pub/security/AST-2012-003.pdf http://www.asterisk.org/node/51797
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.