CVE-2011-1507

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.4.x through 1.4.40.1 Asterisk Open Source versions 1.6.1.x through 1.6.1.25 Asterisk Open Source versions 1.6.2.x through 1.6.2.17.3 Asterisk Open Source versions 1.8.x through 1.8.3.3 Asterisk Business Edition C.x.x through C.3.6.4

Description The issue allows remote attackers to cause a denial of service, specifically file descriptor exhaustion and disk space exhaustion, by establishing a series of TCP connections. This is due to the lack of restriction on the number of unauthenticated sessions to certain interfaces.

Recommendations For Asterisk Open Source versions 1.4.x through 1.4.40.1, update to version 1.4.40.1 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.25, update to version 1.6.1.25 or later. For Asterisk Open Source versions 1.6.2.x through 1.6.2.17.3, update to version 1.6.2.17.3 or later. For Asterisk Open Source versions 1.8.x through 1.8.3.3, update to version 1.8.3.3 or later. For Asterisk Business Edition C.x.x through C.3.6.4, update to version C.3.6.4 or later.