Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-2225-1 asterisk -- several vulnerabilities

Related Vulnerabilities: CVE-2011-1147   CVE-2011-1174   CVE-2011-1175   CVE-2011-1507   CVE-2011-1599  

Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. CVE-2011-1147 Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service or the execution of arbitrary code. CVE-2011-1174 Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service. CVE-2011-1175 Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service. CVE-2011-1507 Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP based services may lead to denial of service. Please see AST-2011-005 for details. CVE-2011-1599 Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.4.21.2~dfsg-3+lenny2.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8.3.3-1. We recommend that you upgrade your asterisk packages.

Source

Debian Security Advisory

DSA-2225-1 asterisk -- several vulnerabilities

Date Reported:
25 Apr 2011
Affected Packages:
asterisk
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-1147, CVE-2011-1174, CVE-2011-1175, CVE-2011-1507, CVE-2011-1599.
More information:

Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit.

  • CVE-2011-1147

    Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service or the execution of arbitrary code.

  • CVE-2011-1174

    Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service.

  • CVE-2011-1175

    Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service.

  • CVE-2011-1507

    Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP based services may lead to denial of service. Please see AST-2011-005 for details.

  • CVE-2011-1599

    Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface.

For the oldstable distribution (lenny), this problem has been fixed in version 1:1.4.21.2~dfsg-3+lenny2.1.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 1:1.8.3.3-1.

We recommend that you upgrade your asterisk packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started