Vulnerability Name:

CVE-2012-2948 (CCN-75937)

Assigned:2012-05-29
Published:2012-05-29
Updated:2017-08-29
Summary:chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: BUGTRAQ
Type: UNKNOWN
20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability

Source: MITRE
Type: CNA
CVE-2012-2948

Source: CCN
Type: AST-2012-008
Skinny Channel Driver Remote Crash Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://downloads.asterisk.org/pub/security/AST-2012-008.html

Source: CCN
Type: SA49303
Asterisk Two Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
49303

Source: DEBIAN
Type: UNKNOWN
DSA-2493

Source: DEBIAN
Type: DSA-2493
asterisk -- denial of service

Source: CCN
Type: OSVDB ID: 82451
Asterisk channels/chan_skinny.c SCCP (Skinny) Channel Driver Client Connection Termination Handling Remote DoS

Source: BID
Type: UNKNOWN
53723

Source: CCN
Type: BID-53723
Asterisk SCCP Skinny Channel Driver Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027103

Source: XF
Type: UNKNOWN
asterisk-scd-dos(75937)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*
  • OR cpe:/a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:*:*:*:*:*:*:*:* (Version <= 1.8.12.0)
  • OR cpe:/a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.3:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:*:*:*:*:*:*:*:* (Version <= 10.4.0)
  • OR cpe:/a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:18445 | P | DSA-2493-1 asterisk - denial of service | 2014-06-23
    oval:com.ubuntu.precise:def:20122948000 | V | CVE-2012-2948 on Ubuntu 12.04 LTS (precise) - medium. | 2012-06-02
    oval:com.ubuntu.xenial:def:201229480000000 | V | CVE-2012-2948 on Ubuntu 16.04 LTS (xenial) - medium. | 2012-06-02
    oval:com.ubuntu.trusty:def:20122948000 | V | CVE-2012-2948 on Ubuntu 14.04 LTS (trusty) - medium. | 2012-06-02
    oval:com.ubuntu.xenial:def:20122948000 | V | CVE-2012-2948 on Ubuntu 16.04 LTS (xenial) - medium. | 2012-06-02
    asterisk certified asterisk 1.8.11 cert
    asterisk certified asterisk 1.8.11 cert1
    asterisk open source 1.8.0
    asterisk open source 1.8.0 beta1
    asterisk open source 1.8.0 beta2
    asterisk open source 1.8.0 beta3
    asterisk open source 1.8.0 beta4
    asterisk open source 1.8.0 beta5
    asterisk open source 1.8.0 rc1
    asterisk open source 1.8.0 rc2
    asterisk open source 1.8.0 rc3
    asterisk open source 1.8.0 rc4
    asterisk open source 1.8.0 rc5
    asterisk open source 1.8.1
    asterisk open source 1.8.1 rc1
    asterisk open source 1.8.2
    asterisk open source 1.8.2 rc1
    asterisk open source 1.8.3 rc1
    asterisk open source 1.8.5 rc1
    asterisk open source 1.8.5.0
    asterisk open source 1.8.6.0
    asterisk open source 1.8.6.0 rc1
    asterisk open source 1.8.6.0 rc2
    asterisk open source 1.8.6.0 rc3
    asterisk open source 1.8.7.0
    asterisk open source 1.8.7.0 rc1
    asterisk open source 1.8.7.0 rc2
    asterisk open source 1.8.8.0
    asterisk open source 1.8.8.0 rc1
    asterisk open source 1.8.8.0 rc2
    asterisk open source 1.8.8.0 rc3
    asterisk open source 1.8.8.0 rc4
    asterisk open source 1.8.8.0 rc5
    asterisk open source 1.8.9.0
    asterisk open source 1.8.9.0 rc1
    asterisk open source 1.8.9.0 rc2
    asterisk open source 1.8.9.0 rc3
    asterisk open source 1.8.10.0
    asterisk open source 1.8.10.0 rc1
    asterisk open source 1.8.10.0 rc2
    asterisk open source 1.8.10.0 rc3
    asterisk open source 1.8.10.0 rc4
    asterisk open source 1.8.11.0
    asterisk open source 1.8.11.0 rc2
    asterisk open source 1.8.11.0 rc3
    asterisk open source 1.8.12
    asterisk open source *
    asterisk open source 1.8.12.0 rc1
    asterisk open source 1.8.12.0 rc2
    asterisk open source 1.8.12.0 rc3
    asterisk open source 10.0.0
    asterisk open source 10.0.0 beta1
    asterisk open source 10.0.0 beta2
    asterisk open source 10.0.0 rc1
    asterisk open source 10.0.0 rc2
    asterisk open source 10.0.0 rc3
    asterisk open source 10.1.0
    asterisk open source 10.1.0 rc1
    asterisk open source 10.1.0 rc2
    asterisk open source 10.2.0
    asterisk open source 10.2.0 rc1
    asterisk open source 10.2.0 rc2
    asterisk open source 10.2.0 rc3
    asterisk open source 10.2.0 rc4
    asterisk open source 10.3
    asterisk open source 10.3.0
    asterisk open source 10.3.0 rc2
    asterisk open source 10.3.0 rc3
    asterisk open source *
    asterisk open source 10.4.0 rc1
    asterisk open source 10.4.0 rc2
    asterisk open source 10.4.0 rc3
    digium asterisk 1.8.0
    digium asterisk 10.0.0