FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2948

This CVE name corresponds to:

Entered Topic
2012-05-29 asterisk -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-2948
Phase Assigned(20120529)

Description

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

References

Source Reference
BUGTRAQ 20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
CONFIRM http://downloads.asterisk.org/pub/security/AST-2012-008.html
DEBIAN DSA-2493
BID 53723
SECTRACK 1027103
SECUNIA 49303
XF asterisk-scd-dos(75937)