CVE-2012-0885

{"id": "CVE-2012-0885", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-01-25T15:55:01.190", "references": [{"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://downloads.asterisk.org/pub/security/AST-2012-001.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2012/01/20/16", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2012/01/20/18", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783487", "source": "cve@mitre.org"}, {"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19202", "source": "cve@mitre.org"}, {"url": "https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple."}, {"lang": "es", "value": "chan_sip.c en Asterisk Open Source v1.8.x antes de v1.8.8.2 y v10.x antes de v10.0.1 , cuando se usa el m\u00f3dulo res_srtp y el soporte multimedia esta incorrectamente configurado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (puntero a NULL y ca\u00edda del demonio) a trav\u00e9s de un mensaje SDP espec\u00edficamente modificado con un atributo de cifrado y (1) un v\u00eddeo o (2) el tipo de medio 'text'. Esto queda demostrado con CSipSimple."}], "lastModified": "2012-01-26T14:50:03.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE48FBD-2560-4477-ABD2-C90729523BC1"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97F03C40-6B70-41D1-96CF-DD5F2924D0C5"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C60A84B-E0BC-491B-B6E6-76E658BB91EC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "035B04BC-C132-4CF6-9FE4-561A4104F392"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37612FE6-C8B7-4925-81F5-ADB82A8F101E"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92181940-ED5C-442C-82BA-4F0F233FB11B"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67CE3E94-341F-4D0C-937E-39B119925C9A"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C721635-2801-40E8-B5FE-734054D718D3"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93F81ACF-615F-4EF5-BD73-74F4010B43D8"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D773468A-4C2D-4B88-BAB6-C2D892A304C4"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "815F7045-FC6D-4D57-A7AE-F63B0FC67251"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56BAE9D7-7A67-40D0-B864-66E76EBA5A84"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B82FFB08-0FCD-4839-95F4-97C09EB7E921"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10C54588-265A-4955-8C73-38ADB664EF0D"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D84681-F861-49BE-832F-20EBAD3B60C0"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2313F843-0F74-4FC9-92A2-1F721BB4C490"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E24161-31DB-4739-B16D-B0BDF5151307"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28DAA35-FBC2-4C87-BC1F-396A0FE86C5C"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F5E4B4F-49B7-41CB-803B-47A0081C3112"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27D37142-F88C-42DE-A0FD-B17AB7981963"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1A5BD7C-3491-456A-A333-481977280F5F"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7AFBC1D-7357-4A20-BF9D-C5B58155DAAC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C85B74B6-EA5C-43C1-98C4-B09C41D9D8CF"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12711E11-F6CF-4A61-83FD-AD3748D7C47B"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86E83CDF-E3B5-48A8-B526-67A1618B97AA"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C8B329-AC4C-46E5-BAC3-B2B72C16A453"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A81245B-0276-4D51-A3B4-9CC7233C9A44"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DC30C27-32BD-42A9-814E-123BD18F416B"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "676BA331-833E-4C8B-A523-2116752567B5"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F211C14-8E50-4FB7-82EA-FE6975290DE1"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0698EDFB-D156-4572-9008-0243FA6FD2FC"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16350161-9CF1-4AD3-954C-598D249CF962"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC55C54-7AD7-49BE-A050-DC6878391208"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B208EBB-0387-4223-A196-CE142E6B908B"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "095BF874-0E0B-4F8F-8A11-ED096DD3A824"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4067E71D-93A8-4B56-AE4A-FCB6E31577E6"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D301553-EF77-4494-A893-FDC12E6A8C16"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35362678-3960-40E0-BB94-4642F09DDB4F"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "779DEAC5-CBC7-4844-9A2E-97AEB49704EB"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63889FD0-714B-4E02-8F34-00E4857A544A"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A15B538D-DC9D-46B4-A455-341E8A2831E4"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE32479-5D98-443F-8FA9-F6281726BDF9"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78841A3E-7D56-4737-9815-E1144FD0A44A"}, {"criteria": "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CE8D88-E407-4E9F-8418-E95C16A55358"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF"}, {"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52BDDAC0-5CEE-4054-8930-EAF25FE528FD"}, {"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49"}, {"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12BCF63F-DA77-48A1-861D-F6E710E3CA16"}, {"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14"}, {"criteria": "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66666CD2-8921-4641-AD72-21F4386DC731"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}