Asterisk Shell Command Execution Security Bypass Vulnerability
BID:53206
Info
| Bugtraq ID: | 53206 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-2414 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2012 12:00AM |
| Updated: | Apr 13 2015 09:49PM |
| Credit: | David Woolley |
| Vulnerable: | Gentoo Linux; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64; Asterisk Asterisk Business Edition C.3.7.3; Asterisk Asterisk Business Edition C.3.6.4; Asterisk Asterisk Business Edition C.3.6.3; Asterisk Asterisk Business Edition C.3.6.2; Asterisk Asterisk Business Edition C.3.3.2; Asterisk Asterisk Business Edition C.3.2 3; Asterisk Asterisk Business Edition C.3.2 2; Asterisk Asterisk Business Edition C.3.1.0; Asterisk Asterisk Business Edition C.3.1 1; Asterisk Asterisk 10.0.1; Asterisk Asterisk 10.0; Asterisk Asterisk 1.8.8 2; Asterisk Asterisk 1.8.4 2; Asterisk Asterisk 1.8.4 1; Asterisk Asterisk 1.8.2 4; Asterisk Asterisk 1.8.1; Asterisk Asterisk 1.8; Asterisk Asterisk 1.6.2 16.2; Asterisk Asterisk 1.6.2 .5; Asterisk Asterisk 1.6.2; Asterisk Asterisk 10.3.0; Asterisk Asterisk 10.2.1; Asterisk Asterisk 10.2.0; Asterisk Asterisk 10.0; Asterisk Asterisk 1.8.7.2; Asterisk Asterisk 1.8.7.1; Asterisk Asterisk 1.8.4.4; Asterisk Asterisk 1.8.4.3; Asterisk Asterisk 1.8.3.3; Asterisk Asterisk 1.8.3.1; Asterisk Asterisk 1.8.2.1; Asterisk Asterisk 1.8.11.0; Asterisk Asterisk 1.8.10.1; Asterisk Asterisk 1.8.10.0; Asterisk Asterisk 1.8.1.2; Asterisk Asterisk 1.8; Asterisk Asterisk 1.6.2.23; Asterisk Asterisk 1.6.2.22; Asterisk Asterisk 1.6.2.21; Asterisk Asterisk 1.6.2.20; Asterisk Asterisk 1.6.2.2; Asterisk Asterisk 1.6.2.18.2; Asterisk Asterisk 1.6.2.18.1; Asterisk Asterisk 1.6.2.17.3; Asterisk Asterisk 1.6.2.17.1; Asterisk Asterisk 1.6.2.16.1; Asterisk Asterisk 1.6.2.15.1 |
| Not Vulnerable: | Asterisk Asterisk Business Edition C.3.7.4; Asterisk Asterisk 10.3.1; Asterisk Asterisk 1.8.11.1; Asterisk Asterisk 1.6.2.24 |
Discussion
Asterisk is prone to a security-bypass vulnerability that affects the manager interface.
An attacker can exploit this issue to bypass certain security restrictions and execute shell commands within the context of the affected application.
Exploit / POC
Attackers can use readily available utilities to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Asterisk Homepage (Asterisk)
- Security Vulnerability: AMI access to SHELL function only seems to need CALL Pri (David Woolley)