製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Asterisk 製品におけるサービス運用妨害 (RTP ポートの枯渇) の脆弱性

Title	複数の Asterisk 製品におけるサービス運用妨害 (RTP ポートの枯渇) の脆弱性
Summary	複数の Asterisk 製品は、SIP reINVITE リクエストへの暫定的な応答を適切に処理しないため、サービス運用妨害 (RTP ポートの枯渇) 状態となる脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、最終応答が送信されないセッションを介して、サービス運用妨害 (RTP ポートの枯渇) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 5, 2012, midnight
Registration Date	July 10, 2012, 1:42 p.m.
Last Update	Nov. 8, 2012, 5:51 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:N/I:N/A:P

Affected System

Digium

Asterisk Digiumphones 10.5.2-digiumphones 未満の 10.x.x-digiumphones

Asterisk Business Edition C.3.7.5 未満の C.3.x

Asterisk Open Source 1.8.13.1 未満の 1.8.x

Asterisk Open Source 10.5.2 未満の 10.x

Certified Asterisk 1.8.11-cert4 未満の 1.8.11-certx

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-3863	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863
National Vulnerability Database (NVD)
2	CVE-2012-3863	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3863

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	Name	URL
Asterisk Issues
1	ASTERISK-19992	https://issues.asterisk.org/jira/browse/ASTERISK-19992
Asterisk Project Security Advisory
2	AST-2012-010	http://downloads.asterisk.org/pub/security/AST-2012-010.html
Debian Security Advisory
3	DSA-2550	http://www.debian.org/security/2012/dsa-2550

Change Log

No	Changed Details	Date of change
0	[2012年07月10日] 掲載 [2012年11月08日] ベンダ情報：Debian (DSA-2550) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-3863

Summary	channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
Publication Date	July 9, 2012, 7:20 p.m.
Registration Date	Jan. 28, 2021, 3:01 p.m.
Last Update	Nov. 21, 2024, 10:41 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk_business_edition:c.3.1:::::::*
cpe:2.3:a:digium:asterisk_business_edition:c.3.3:::::::*
cpe:2.3:a:digium:asterisk_business_edition:c.3.7.4:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:1.8.3:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.8.0:rc5::::::
cpe:2.3:a:digium:asterisk:1.8.11.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.2.4:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta2::::::
cpe:2.3:a:digium:asterisk:1.8.6.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.3:rc1::::::
cpe:2.3:a:digium:asteriske:1.8.9.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.7.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.7.0:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.13.0:rc1::::::
cpe:2.3:a:digium:asteriske:1.8.8.0:rc4::::::
cpe:2.3:a:digium:asterisk:1.8.4.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta4::::::
cpe:2.3:a:digium:asterisk:1.8.4:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.0:rc5::::::
cpe:2.3:a:digium:asterisk:1.8.9.0:::::::*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1::::::
cpe:2.3:a:digium:asterisk:1.8.9.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.4.4:::::::*
cpe:2.3:a:digium:asterisk:1.8.7.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.5.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.13.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.3.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta3::::::
cpe:2.3:a:digium:asterisk:1.8.8.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta5::::::
cpe:2.3:a:digium:asterisk:1.8.4:::::::*
cpe:2.3:a:digium:asterisk:1.8.9.0:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.3.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.7.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.3:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.4.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.6.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.2.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.11.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.11.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.3.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.4:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.2.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1:rc1::::::
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert::::::
cpe:2.3:a:digium:asterisk:1.8.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.11.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.2.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.4:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.9.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta1::::::
cpe:2.3:a:digium:asterisk:1.8.9.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.13.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.6.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:rc4::::::
cpe:2.3:a:digium:asterisk:1.8.8.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.5:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.5:::::::*
cpe:2.3:a:digium:asterisk:1.8.9.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.4.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.6.0:rc1::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.5.1::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.5.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.1.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.2.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.3.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.4.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:10.2.1:::::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.0.1:::::::*
cpe:2.3:a:digium:asterisk:10.3.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.5.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.5.1:::::::*
cpe:2.3:a:digium:asterisk:10.5.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.1.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.5.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.4.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.4.0:::::::*
cpe:2.3:a:digium:asterisk:10.1.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.0.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.3.1:::::::*
cpe:2.3:a:digium:asterisk:10.1.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.2.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:10.1.1:::::::*
cpe:2.3:a:digium:asterisk:10.3.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.1.3:::::::*
cpe:2.3:a:digium:asterisk:10.1.2:::::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.0.0:::::::*
cpe:2.3:a:digium:asterisk:10.3.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc4::::::
cpe:2.3:a:digium:asterisk:10.4.2:::::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.4.1:::::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.0.0:beta2::::::

Configuration5	or higher	or less	more than	less than
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2::::::
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1::::::
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert::::::
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3::::::

Related information, measures and tools

No	URL	タグ
1	http://downloads.asterisk.org/pub/security/AST-2012-010.html	Patch Vendor Advisory
2	http://downloads.asterisk.org/pub/security/AST-2012-010.html	Patch Vendor Advisory
3	http://secunia.com/advisories/50687
4	http://secunia.com/advisories/50687
5	http://secunia.com/advisories/50756
6	http://secunia.com/advisories/50756
7	http://www.debian.org/security/2012/dsa-2550
8	http://www.debian.org/security/2012/dsa-2550
9	http://www.securityfocus.com/bid/54327
10	http://www.securityfocus.com/bid/54327
11	https://issues.asterisk.org/jira/browse/ASTERISK-19992
12	https://issues.asterisk.org/jira/browse/ASTERISK-19992

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:1.8.3:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.8.0:rc5::::::
cpe:2.3:a:digium:asterisk:1.8.11.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.2.4:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta2::::::
cpe:2.3:a:digium:asterisk:1.8.6.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.3:rc1::::::
cpe:2.3:a:digium:asteriske:1.8.9.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.7.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.7.0:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.13.0:rc1::::::
cpe:2.3:a:digium:asteriske:1.8.8.0:rc4::::::
cpe:2.3:a:digium:asterisk:1.8.4.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta4::::::
cpe:2.3:a:digium:asterisk:1.8.4:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.0:rc5::::::
cpe:2.3:a:digium:asterisk:1.8.9.0:::::::*
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1::::::
cpe:2.3:a:digium:asterisk:1.8.9.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.4.4:::::::*
cpe:2.3:a:digium:asterisk:1.8.7.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.5.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.13.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.3.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta3::::::
cpe:2.3:a:digium:asterisk:1.8.8.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta5::::::
cpe:2.3:a:digium:asterisk:1.8.4:::::::*
cpe:2.3:a:digium:asterisk:1.8.9.0:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.3.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.7.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.3:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.4.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.6.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.2.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.11.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.11.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.3.3:::::::*
cpe:2.3:a:digium:asterisk:1.8.4:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.2.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1:rc1::::::
cpe:2.3:a:digium:certified_asterisk:1.8.11:cert::::::
cpe:2.3:a:digium:asterisk:1.8.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.11.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.1.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.2.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.4:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.9.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:beta1::::::
cpe:2.3:a:digium:asterisk:1.8.9.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.13.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.6.0:::::::*
cpe:2.3:a:digium:asterisk:1.8.0:rc4::::::
cpe:2.3:a:digium:asterisk:1.8.8.2:::::::*
cpe:2.3:a:digium:asterisk:1.8.5:rc1::::::
cpe:2.3:a:digium:asterisk:1.8.5:::::::*
cpe:2.3:a:digium:asterisk:1.8.9.0:rc2::::::
cpe:2.3:a:digium:asterisk:1.8.4.1:::::::*
cpe:2.3:a:digium:asterisk:1.8.8.0:rc3::::::
cpe:2.3:a:digium:asterisk:1.8.6.0:rc1::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.5.1::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.5.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.1.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.2.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.3.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.4.0::digiumphones:::::
cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:::::*
cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:a:digium:asterisk:10.2.1:::::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.0.1:::::::*
cpe:2.3:a:digium:asterisk:10.3.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.5.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.5.1:::::::*
cpe:2.3:a:digium:asterisk:10.5.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.1.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.5.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.4.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.4.0:::::::*
cpe:2.3:a:digium:asterisk:10.1.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.0.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.3.1:::::::*
cpe:2.3:a:digium:asterisk:10.1.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.2.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.0.0:beta1::::::
cpe:2.3:a:digium:asterisk:10.1.1:::::::*
cpe:2.3:a:digium:asterisk:10.3.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.1.3:::::::*
cpe:2.3:a:digium:asterisk:10.1.2:::::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc2::::::
cpe:2.3:a:digium:asterisk:10.0.0:::::::*
cpe:2.3:a:digium:asterisk:10.3.0:::::::*
cpe:2.3:a:digium:asterisk:10.2.0:rc4::::::
cpe:2.3:a:digium:asterisk:10.4.2:::::::*
cpe:2.3:a:digium:asterisk:10.0.0:rc1::::::
cpe:2.3:a:digium:asterisk:10.4.1:::::::*
cpe:2.3:a:digium:asterisk:10.4.0:rc3::::::
cpe:2.3:a:digium:asterisk:10.0.0:beta2::::::