Asterisk ast_parse_digest Function HTTP Digest Authentication String Parsing Remote Overflow (AST-2012-003)

Critical Nessus Plugin ID 58433


A telephony application running on the remote host is affected by a buffer overflow vulnerability.


According to the version in its SIP banner, the Asterisk installation running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server or possibly inject arbitrary code by sending an arbitrarily long string value for HTTP Digest Authentication.


Upgrade to Asterisk / 10.2.1 or apply the patches listed in the Asterisk advisory.

Plugin Details

Severity: Critical

ID: 58433

File Name: asterisk_ast_2012_003.nasl

Version: $Revision: 1.14 $

Type: remote

Family: Misc.

Published: 2012/03/22

Modified: 2016/09/21

Dependencies: 63202

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:digium:asterisk

Required KB Items: asterisk/sip_detected, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/01/15

Vulnerability Publication Date: 2012/03/15

Exploitable With

Core Impact

Reference Information

CVE: CVE-2012-1184

BID: 52815

OSVDB: 80126

EDB-ID: 18855