Signature Detail

HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Digium Asterisk Management Interface. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Affected Products

• Digium asterisk 10.0.0
• Digium asterisk 10.0.1
• Digium asterisk 10.1.0
• Digium asterisk 10.1.1
• Digium asterisk 10.1.2
• Digium asterisk 10.1.3
• Digium asterisk 10.2.0
• Digium asterisk 1.8.0
• Digium asterisk 1.8.10.0
• Digium asterisk 1.8.1.1
• Digium asterisk 1.8.1.2
• Digium asterisk 1.8.2
• Digium asterisk 1.8.2.1
• Digium asterisk 1.8.2.2
• Digium asterisk 1.8.2.3
• Digium asterisk 1.8.2.4
• Digium asterisk 1.8.3
• Digium asterisk 1.8.3.1
• Digium asterisk 1.8.3.2
• Digium asterisk 1.8.3.3
• Digium asterisk 1.8.4
• Digium asterisk 1.8.4.1
• Digium asterisk 1.8.4.2
• Digium asterisk 1.8.4.3
• Digium asterisk 1.8.4.4
• Digium asterisk 1.8.5
• Digium asterisk 1.8.5.0
• Digium asterisk 1.8.6.0
• Digium asterisk 1.8.7.0
• Digium asterisk 1.8.7.1
• Digium asterisk 1.8.8.0
• Digium asterisk 1.8.8.1
• Digium asterisk 1.8.8.2
• Digium asterisk 1.8.9.0
• Digium asterisk 1.8.9.1
• Digium asterisk 1.8.9.2
• Digium asterisk 1.8.9.3

References

• CVE: CVE-2012-1184