Asterisk 'externalIVR' Application Shell Command Execution Security Bypass Vulnerability

Bugtraq ID: 55351
Class: Access Validation Error
CVE: CVE-2012-2186
Remote: Yes
Local: No
Published: Aug 30 2012 12:00AM
Updated: Apr 13 2015 10:13PM
Credit: Zubair Ashraf of IBM X-Force Research
Vulnerable: Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Asterisk Certified Asterisk 1.8.11
Asterisk Asterisk Open Source 10.7
Asterisk Asterisk Open Source 1.8.3.1
Asterisk Asterisk Open Source 1.6.2.17.1
Asterisk Asterisk Open Source 1.6.1.23
Asterisk Asterisk Digiumphones 10.5.2-digiumphones
Asterisk Asterisk Digiumphones 10.5.1-digiumphones
Asterisk Asterisk Business Edition C.3.7.5
Asterisk Asterisk Business Edition C.3.7.4
Asterisk Asterisk Business Edition C.3.7.3
Asterisk Asterisk Business Edition C.3.6.4
Asterisk Asterisk Business Edition C.3.6.3
Asterisk Asterisk Business Edition C.3.6.2
Asterisk Asterisk Business Edition C.3.3.2
Asterisk Asterisk Business Edition C.3.2 3
Asterisk Asterisk Business Edition C.3.2 2
Asterisk Asterisk Business Edition C.3.1.0
Asterisk Asterisk Business Edition C.3.1 1
Not Vulnerable: Asterisk Certified Asterisk 1.8.11-cert6
Asterisk Asterisk Open Source 10.7.1
Asterisk Asterisk Open Source 1.8.15.1
Asterisk Asterisk Digiumphones 10.7.1-digiumphones
Asterisk Asterisk Business Edition C.3.7.6


 

Privacy Statement
Copyright 2010, SecurityFocus