Vulnerability Name:

CVE-2012-2947 (CCN-75936)

Assigned:2012-05-29
Published:2012-05-29
Updated:2017-11-13
Summary:chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-284
Vulnerability Consequences:Denial of Service
References:Source: BUGTRAQ
Type: Broken Link
20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.

Source: MITRE
Type: CNA
CVE-2012-2947

Source: CCN
Type: AST-2012-007
Remote crash vulnerability in IAX2 channel driver

Source: CONFIRM
Type: Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2012-007.html

Source: CCN
Type: SA49303
Asterisk Two Denial of Service Vulnerabilities

Source: SECUNIA
Type: Not Applicable
49303

Source: DEBIAN
Type: Third Party Advisory
DSA-2493

Source: DEBIAN
Type: DSA-2493
asterisk -- denial of service

Source: CCN
Type: OSVDB ID: 82450
Asterisk channels/chan_sip.c handle_request_update() Function IAX2 Channel Driver Call Hold Feature Remote DoS

Source: CCN
Type: BID-53722
Asterisk IAX2 Channel Driver Denial Of Service Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1027102

Source: XF
Type: UNKNOWN
asterisk-iax2driver-dos(75936)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.12:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:digium:asterisk:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:18445 | P | DSA-2493-1 asterisk - denial of service | 2014-06-23
    oval:com.ubuntu.precise:def:20122947000 | V | CVE-2012-2947 on Ubuntu 12.04 LTS (precise) - low. | 2012-06-02
    oval:com.ubuntu.xenial:def:201229470000000 | V | CVE-2012-2947 on Ubuntu 16.04 LTS (xenial) - low. | 2012-06-02
    oval:com.ubuntu.trusty:def:20122947000 | V | CVE-2012-2947 on Ubuntu 14.04 LTS (trusty) - low. | 2012-06-02
    oval:com.ubuntu.xenial:def:20122947000 | V | CVE-2012-2947 on Ubuntu 16.04 LTS (xenial) - low. | 2012-06-02