CVE-2010-1224

NameCVE-2010-1224
Descriptionmain/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs576560

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
asterisk (PTS)wheezy1:1.8.13.1~dfsg1-3+deb7u3fixed
wheezy (security)1:1.8.13.1~dfsg1-3+deb7u4fixed
jessie1:11.13.1~dfsg-2fixed
sid1:13.10.0~dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
asterisksource(unstable)1:1.6.2.6-1low576560
asterisksourcelenny(not affected)

Notes

[lenny] - asterisk <not-affected> (Vulnerable code not present)

Search for package or bug name: Reporting problems