main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
Advisories
Source ID Title
EUVD EUVD EUVD-2010-1254 main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T01:14:06.690Z

Reserved: 2010-04-01T00:00:00

Link: CVE-2010-1224

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2010-04-01T21:30:00.420

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1224

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.