CVE-2012-0885
Summary
| CVE | CVE-2012-0885 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-01-25 15:55:00 UTC |
| Updated | 2012-01-26 14:50:00 UTC |
| Description | chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Asterisk | Open Source | 1.8.0 | All | All | All |
| Application | Asterisk | Open Source | 1.8.0 | beta1 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | beta2 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | beta3 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | beta4 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | beta5 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | rc2 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | rc3 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | rc4 | All | All |
| Application | Asterisk | Open Source | 1.8.0 | rc5 | All | All |
| Application | Asterisk | Open Source | 1.8.1 | All | All | All |
| Application | Asterisk | Open Source | 1.8.1 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.1.1 | All | All | All |
| Application | Asterisk | Open Source | 1.8.1.2 | All | All | All |
| Application | Asterisk | Open Source | 1.8.2 | All | All | All |
| Application | Asterisk | Open Source | 1.8.2 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.2.1 | All | All | All |
| Application | Asterisk | Open Source | 1.8.2.2 | All | All | All |
| Application | Asterisk | Open Source | 1.8.2.3 | All | All | All |
| Application | Asterisk | Open Source | 1.8.2.4 | All | All | All |
| Application | Asterisk | Open Source | 1.8.3 | All | All | All |
| Application | Asterisk | Open Source | 1.8.3 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.3 | rc2 | All | All |
| Application | Asterisk | Open Source | 1.8.3 | rc3 | All | All |
| Application | Asterisk | Open Source | 1.8.3.1 | All | All | All |
| Application | Asterisk | Open Source | 1.8.3.2 | All | All | All |
| Application | Asterisk | Open Source | 1.8.3.3 | All | All | All |
| Application | Asterisk | Open Source | 1.8.4 | All | All | All |
| Application | Asterisk | Open Source | 1.8.4 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.4 | rc2 | All | All |
| Application | Asterisk | Open Source | 1.8.4 | rc3 | All | All |
| Application | Asterisk | Open Source | 1.8.4.1 | All | All | All |
| Application | Asterisk | Open Source | 1.8.4.2 | All | All | All |
| Application | Asterisk | Open Source | 1.8.4.3 | All | All | All |
| Application | Asterisk | Open Source | 1.8.4.4 | All | All | All |
| Application | Asterisk | Open Source | 1.8.5 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.5.0 | All | All | All |
| Application | Asterisk | Open Source | 1.8.6.0 | All | All | All |
| Application | Asterisk | Open Source | 1.8.6.0 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.6.0 | rc2 | All | All |
| Application | Asterisk | Open Source | 1.8.6.0 | rc3 | All | All |
| Application | Asterisk | Open Source | 1.8.7.0 | All | All | All |
| Application | Asterisk | Open Source | 1.8.7.0 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.7.0 | rc2 | All | All |
| Application | Asterisk | Open Source | 1.8.7.1 | All | All | All |
| Application | Asterisk | Open Source | 1.8.7.2 | All | All | All |
| Application | Asterisk | Open Source | 1.8.8.0 | All | All | All |
| Application | Asterisk | Open Source | 1.8.8.0 | rc1 | All | All |
| Application | Asterisk | Open Source | 1.8.8.0 | rc2 | All | All |
| Application | Asterisk | Open Source | 1.8.8.0 | rc3 | All | All |
| Application | Asterisk | Open Source | 1.8.8.0 | rc4 | All | All |
| Application | Asterisk | Open Source | 1.8.8.0 | rc5 | All | All |
| Application | Asterisk | Open Source | 1.8.8.1 | All | All | All |
| Application | Asterisk | Open Source | 10.0.0 | All | All | All |
| Application | Asterisk | Open Source | 10.0.0 | beta1 | All | All |
| Application | Asterisk | Open Source | 10.0.0 | beta2 | All | All |
| Application | Asterisk | Open Source | 10.0.0 | rc1 | All | All |
| Application | Asterisk | Open Source | 10.0.0 | rc2 | All | All |
| Application | Asterisk | Open Source | 10.0.0 | rc3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP | MLIST | www.openwall.com | |
| downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff | CONFIRM | downloads.asterisk.org | Patch |
| 783487 – (AST-2012-001, CVE-2012-0885) CVE-2012-0885 asterisk: Remote DoS while processing crypto line for media stream with non-existing RTP | CONFIRM | bugzilla.redhat.com | |
| downloads.asterisk.org/pub/security/AST-2012-001-10.diff | CONFIRM | downloads.asterisk.org | Patch |
| issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_t... | CONFIRM | issues.asterisk.org | Exploit |
| AST-2012-001 | CONFIRM | downloads.asterisk.org | Vendor Advisory |
| [ASTERISK-19202] CSipSimple (trunk) crushes Asterisk 1.8.8.1 (openSuse) - Digium/Asterisk JIRA | CONFIRM | issues.asterisk.org | |
| oss-security - Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.