CVE-2012-1184

Asterisk 1.8.x < 1.8.10.1 and 10.x < 10.2.1 - Stack-Based Buffer Overflow via HTTP Digest Authentication Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1184. PoCs published by Russell Bryant.

AI-analyzed exploit summary This exploit demonstrates a stack buffer overflow in Asterisk's HTTP digest authentication handling, specifically in the ast_parse_digest() function. The PoC uses a crafted Authorization header with an excessively long string to trigger the vulnerability, potentially leading to remote code execution.

Description

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Exploits (1)

exploitdb WORKING POC

by Russell Bryant · textdoslinux

https://www.exploit-db.com/exploits/18855

View Code ZIP pw:eip

This exploit demonstrates a stack buffer overflow in Asterisk's HTTP digest authentication handling, specifically in the ast_parse_digest() function. The PoC uses a crafted Authorization header with an excessively long string to trigger the vulnerability, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Asterisk 1.8

No auth needed

Prerequisites: Asterisk 1.8 with HTTP AMI enabled

MITRE ATT&CK