Digium Asterisk Business Edition C 3.6.4

CPE Details

Digium Asterisk Business Edition C 3.6.4
digium
asterisk
c.3.6.4
2011-07-07
11h13 +00:00
2012-07-03
16h48 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*

Informations

Vendor

digium

Product

asterisk

Version

c.3.6.4

Update

-

edition

business

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2012-4737 2012-08-31 12h00 +00:00 channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
6
CVE-2011-2535 2011-07-06 17h00 +00:00 chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.
5
CVE-2011-2536 2011-07-06 17h00 +00:00 chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.
5