Your submission was sent successfully! Close

CVE-2012-2947

Published: 2 June 2012

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

Priority

Low

Status

Package Release Status
asterisk
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
hardy Ignored
(reached end-of-life)
lucid Ignored
(reached end-of-life)
natty Ignored
(reached end-of-life)
oneiric Ignored
(reached end-of-life)
precise Does not exist
(precise was needed)
quantal Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
raring Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
saucy Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
trusty Does not exist
(trusty was not-affected [1:1.8.13.1~dfsg-1ubuntu1])
upstream
Released (1.8.12.1)
utopic Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
vivid Does not exist

wily Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
xenial Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
yakkety Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)
zesty Not vulnerable
(1:1.8.13.1~dfsg-1ubuntu1)

Notes

AuthorNote
tyhicks
The default Ubuntu configuration should not be vulnerable since a
suggested music class is present.

References

Bugs