发布日期:2012-09-30
更新日期:2012-09-20
受影响系统:
Asterisk Asterisk Business Edition C.3.7.4
Asterisk Asterisk Business Edition C.3.7.3
Asterisk Asterisk Business Edition C.3.6.4
Asterisk Asterisk Business Edition C.3.6.3
Asterisk Asterisk Business Edition C.3.6.2
Asterisk Asterisk Business Edition C.3.3.2
Asterisk Asterisk Business Edition C.3.2 3
Asterisk Asterisk Business Edition C.3.2 2
Asterisk Asterisk Business Edition C.3.1.0
Asterisk Asterisk Business Edition C.3.1 1
Asterisk Asterisk Business Edition
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 55335
CVE ID: CVE-2012-4737
Asterisk是一款实现电话用户交换机(PBX)功能的自由软件、开源软件。
Asterisk Open Source 1.8.15.1之前的1.8.x、10.7.1之前的10.x、Certified Asterisk 1.8.11-cert7之前的1.8.11、 Asterisk Digiumphones 10.7.1-digiumphones之前的10.x.x-digiumphones、Asterisk Business Edition C.3.7.6之前的C.3.x版本内的channels/chan_iax2.c没有在使用对等凭证时执行ACL规则,存在安全限制绕过漏洞,可允许验证过身份的远程用户通过这些凭证绕过目标呼出电话限制。
<*来源:Alan Frisch
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
