PT-2014-4606 · Digium · Asterisk
Corey Farrell
+1
·
Publicado
2014-04-15
·
Atualizado
2014-04-21
·
CVE-2014-2287
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.8.x through 1.8.25, 11.8.x through 11.8.0, and 12.1.x through 12.1.0
Asterisk Open Source version 1.8.26.0
Certified Asterisk versions 1.8.15 through 1.8.15-cert4
Certified Asterisk versions 11.6 through 11.6-cert1
Description
The issue allows remote authenticated users to cause a denial of service via an INVITE request with a
Session-Expires or Min-SE header containing a malformed or invalid value. This can lead to channel and file descriptor consumption.Recommendations
For Asterisk Open Source versions 1.8.x through 1.8.25, update to version 1.8.26.1 or later.
For Asterisk Open Source versions 11.8.x through 11.8.0, update to version 11.8.1 or later.
For Asterisk Open Source versions 12.1.x through 12.1.0, update to version 12.1.1 or later.
For Certified Asterisk versions 1.8.15 through 1.8.15-cert4, update to version 1.8.15-cert5 or later.
For Certified Asterisk versions 11.6 through 11.6-cert1, update to version 11.6-cert2 or later.
Correção
DoS
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Asterisk