PT-2011-3174 · Digium · Asterisk Business Edition+1
Publicado
2011-04-27
·
Atualizado
2011-09-07
·
CVE-2011-1507
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.4.x through 1.4.40.1
Asterisk Open Source versions 1.6.1.x through 1.6.1.25
Asterisk Open Source versions 1.6.2.x through 1.6.2.17.3
Asterisk Open Source versions 1.8.x through 1.8.3.3
Asterisk Business Edition C.x.x through C.3.6.4
Description
The issue allows remote attackers to cause a denial of service, specifically file descriptor exhaustion and disk space exhaustion, by establishing a series of TCP connections. This is due to the lack of restriction on the number of unauthenticated sessions to certain interfaces.
Recommendations
For Asterisk Open Source versions 1.4.x through 1.4.40.1, update to version 1.4.40.1 or later.
For Asterisk Open Source versions 1.6.1.x through 1.6.1.25, update to version 1.6.1.25 or later.
For Asterisk Open Source versions 1.6.2.x through 1.6.2.17.3, update to version 1.6.2.17.3 or later.
For Asterisk Open Source versions 1.8.x through 1.8.3.3, update to version 1.8.3.3 or later.
For Asterisk Business Edition C.x.x through C.3.6.4, update to version C.3.6.4 or later.
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk Business Edition
Asterisk Open Source