CVE-2010-1224

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |

EPSS Score Percentile: 75%

Vulnerable software versions

| Vendor | Product | Version |
|---|---|---|
| digium | asterisk | 1.6.0 |
| digium | asterisk | 1.6.0.1 |
| digium | asterisk | 1.6.0.2 |
| digium | asterisk | 1.6.0.3 |
| digium | asterisk | 1.6.0.5 |
| digium | asterisk | 1.6.0.6 |
| digium | asterisk | 1.6.0.7 |
| digium | asterisk | 1.6.0.8 |
| digium | asterisk | 1.6.0.9 |
| digium | asterisk | 1.6.0.10 |
| digium | asterisk | 1.6.0.12 |
| digium | asterisk | 1.6.0.13 |
| digium | asterisk | 1.6.0.14 |
| digium | asterisk | 1.6.0.15 |
| digium | asterisk | 1.6.0.16:rc1 |
| digium | asterisk | 1.6.0.16:rc2 |
| digium | asterisk | 1.6.0.17 |
| digium | asterisk | 1.6.0.18 |
| digium | asterisk | 1.6.0.18:rc1 |
| digium | asterisk | 1.6.0.18:rc2 |
| digium | asterisk | 1.6.0.18:rc3 |
| digium | asterisk | 1.6.0.19 |
| digium | asterisk | 1.6.0.20:rc1 |
| digium | asterisk | 1.6.0.21 |
| digium | asterisk | 1.6.0.21:rc1 |
| digium | asterisk | 1.6.0.22 |
| digium | asterisk | 1.6.0.23:rc2 |
| digium | asterisk | 1.6.0.24 |
| digium | asterisk | 1.6.1 |
| digium | asterisk | 1.6.1.1 |
| digium | asterisk | 1.6.1.2 |
| digium | asterisk | 1.6.1.4 |
| digium | asterisk | 1.6.1.5 |
| digium | asterisk | 1.6.1.6 |
| digium | asterisk | 1.6.1.7:rc1 |
| digium | asterisk | 1.6.1.7:rc2 |
| digium | asterisk | 1.6.1.8 |
| digium | asterisk | 1.6.1.9 |
| digium | asterisk | 1.6.1.10 |
| digium | asterisk | 1.6.1.10:rc1 |
| digium | asterisk | 1.6.1.10:rc2 |
| digium | asterisk | 1.6.1.10:rc3 |
| digium | asterisk | 1.6.1.11 |
| digium | asterisk | 1.6.1.12 |
| digium | asterisk | 1.6.1.12:rc1 |
| digium | asterisk | 1.6.1.13 |
| digium | asterisk | 1.6.1.13:rc1 |
| digium | asterisk | 1.6.1.14 |
| digium | asterisk | 1.6.1.15:rc2 |
| digium | asterisk | 1.6.1.16 |
| digium | asterisk | 1.6.2.0 |
| digium | asterisk | 1.6.2.0:rc2 |
| digium | asterisk | 1.6.2.0:rc3 |
| digium | asterisk | 1.6.2.0:rc4 |
| digium | asterisk | 1.6.2.0:rc5 |
| digium | asterisk | 1.6.2.0:rc6 |
| digium | asterisk | 1.6.2.0:rc7 |
| digium | asterisk | 1.6.2.0:rc8 |
| digium | asterisk | 1.6.2.1 |
| digium | asterisk | 1.6.2.1:rc1 |
| digium | asterisk | 1.6.2.2 |
| digium | asterisk | 1.6.2.3:rc2 |
| digium | asterisk | 1.6.2.4 |

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| asterisk | bullseye | 1:16.28.0~dfsg-0+deb11u4 | fixed |
| asterisk | lenny | | not-affected |
| asterisk | bullseye (security) | 1:16.28.0~dfsg-0+deb11u5 | fixed |
| asterisk | sid | 1:22.0.0~dfsg+~cs6.14.60671435-1 | fixed |

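Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| asterisk | natty | not-affected |
| asterisk | maverick | not-affected |
| asterisk | lucid | not-affected |
| asterisk | karmic | ignored |
| asterisk | jaunty | ignored |
| asterisk | intrepid | ignored |
| asterisk | hardy | not-affected |
| asterisk | dapper | ignored |
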
Common Weakness Enumeration