
asterisk: multiple vulnerabilities

Package(s): asterisk
CVE #(s): CVE-2011-1174 CVE-2011-1175
Created: March 31, 2011
Updated: April 27, 2011
Description:

From the Red Hat Bugzilla [1, 2]:

CVE-2011-1174: If manager connections were rapidly opened, sent invalid data, then closed, it could cause Asterisk to exhaust available CPU and memory resources. The Manager Interface is disabled by default. Versions 1.6.2.x and 1.8.x are affected, and 1.6.2.17.1 and 1.8.3.1 have been released to correct this flaw.

CVE-2011-1175: If a remote, unauthenticated attacker were to rapidly open and close TCP connections to services using the ast_tcptls_* API, they could cause Asterisk to crash after dereferencing a NULL pointer. This flaw affects 1.6.2.x and 1.8.x, and is corrected in 1.6.2.17.1 and 1.8.3.1.

Alerts:
Gentoo 201110-21 asterisk 2011-10-24
Fedora FEDORA-2011-3942 asterisk 2011-03-23
Fedora FEDORA-2011-3945 asterisk 2011-03-23
Debian DSA-2225-1 asterisk 2011-04-25


asterisk: multiple vulnerabilities

Posted Apr 7, 2011 10:36 UTC (Thu) by job (guest, #670)

Is Asterisk the Sendmail of our time?

I mean, I'm a happy user and all, but almost all versions over the last few years have had pretty nasty bugs at some time. You really don't want it reachable over the Internet, which is kind of a letdown for something called "the future of telephony".

