Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1224

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

Related bugs and status

CVE-2010-1224 (Candidate) is related to these bugs:

Bug #597792: Please merge asterisk 1:1.6.2.7-1 (universe) from debian unstable (main)

Summary				In	Importance	Status
	597792	Please merge asterisk 1:1.6.2.7-1 (universe) from debian unstable (main)		asterisk (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://downloads.aster...
CONFIRM: http://downloads.aster...
CONFIRM: http://downloads.aster...
CONFIRM: http://downloads.aster...
BID: 38424
OSVDB: 62588
SECUNIA: 38752
VUPEN: ADV-2010-0475
FEDORA: FEDORA-2010-3724
SECUNIA: 39096
XF: asterisk-cidr-security...
BUGTRAQ: 20100225 AST-2010-003:...