Executive Summary

Informations
Name CVE-2012-0885 First vendor Publication 2012-01-25
Vendor Cve Last vendor Modification 2012-01-26

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0885

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 59

OpenVAS Exploits

Date Description
2012-03-12 Name : Gentoo Security Advisory GLSA 201202-06 (asterisk)
File : nvt/glsa_201202_06.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78482 Asterisk SRTP Video Stream Negotiation Remote DoS

Nessus® Vulnerability Scanner

Date Description
2012-03-22 Name : A telephony application running on the remote host is affected by a denial of...
File : asterisk_ast_2012_001.nasl - Type : ACT_GATHER_INFO
2012-02-23 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201202-06.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff
http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff
http://downloads.asterisk.org/pub/security/AST-2012-001.html
https://bugzilla.redhat.com/show_bug.cgi?id=783487
https://issues.asterisk.org/jira/browse/ASTERISK-19202
https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_i...
MLIST http://www.openwall.com/lists/oss-security/2012/01/20/16
http://www.openwall.com/lists/oss-security/2012/01/20/18

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:19:20
  • Multiple Updates
2021-04-22 01:23:04
  • Multiple Updates
2020-05-23 00:33:02
  • Multiple Updates
2016-04-26 21:34:08
  • Multiple Updates
2014-02-17 11:08:29
  • Multiple Updates
2013-05-10 22:34:14
  • Multiple Updates