Signature Detail

APP: Digium Asterisk Manager User Shell Command Execution

This signature detects attempts to exploit a known vulnerability against Digium Asterisk. A successful attack can lead to arbitrary script code execution within the context of the vulnerable application.

Extended Description

Asterisk is prone to a security-bypass vulnerability that affects the manager interface. An attacker can exploit this issue to bypass certain security restrictions and execute shell commands within the context of the affected application.

Affected Products

• Asterisk 10.0
• Asterisk 10.0.0
• Asterisk 10.0.1
• Asterisk 10.2.0
• Asterisk 10.2.1
• Asterisk 10.3.0
• Asterisk 1.6.2
• Asterisk 1.6.2.15.1
• Asterisk 1.6.2.16.1
• Asterisk 1.6.2.16.2
• Asterisk 1.6.2.17.1
• Asterisk 1.6.2.17.3
• Asterisk 1.6.2.18.1
• Asterisk 1.6.2.18.2
• Asterisk 1.6.2.2
• Asterisk 1.6.2.20
• Asterisk 1.6.2.21
• Asterisk 1.6.2.22
• Asterisk 1.6.2.23
• Asterisk 1.6.2.5
• Asterisk 1.8
• Asterisk 1.8.0
• Asterisk 1.8.1
• Asterisk 1.8.10.0
• Asterisk 1.8.10.1
• Asterisk 1.8.11.0
• Asterisk 1.8.1.2
• Asterisk 1.8.2.1
• Asterisk 1.8.2.4
• Asterisk 1.8.3.1
• Asterisk 1.8.3.3
• Asterisk 1.8.4.1
• Asterisk 1.8.4 2
• Asterisk 1.8.4.3
• Asterisk 1.8.4.4
• Asterisk 1.8.7.1
• Asterisk 1.8.7.2
• Asterisk 1.8.8.2
• Asterisk Asterisk Business Edition C.3.1.0
• Asterisk Asterisk Business Edition C.3.1 1
• Asterisk Asterisk Business Edition C.3.2 2
• Asterisk Asterisk Business Edition C.3.2 3
• Asterisk Asterisk Business Edition C.3.3.2
• Asterisk Asterisk Business Edition C.3.6.2
• Asterisk Asterisk Business Edition C.3.6.3
• Asterisk Asterisk Business Edition C.3.6.4
• Asterisk Asterisk Business Edition C.3.7.3
• Debian Linux 6.0 amd64
• Debian Linux 6.0 arm
• Debian Linux 6.0 ia-32
• Debian Linux 6.0 ia-64
• Debian Linux 6.0 mips
• Debian Linux 6.0 powerpc
• Debian Linux 6.0 s/390
• Debian Linux 6.0 sparc
• Gentoo Linux
• Red Hat Fedora 15
• Red Hat Fedora 16
• Red Hat Fedora 17

References

• BugTraq: 53206
• CVE: CVE-2012-2414