Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Debian: DSA-2225-1 Critical: Asterisk Remote DoS Exploit

debian
Calendar Grey April 26, 2011
Scroller Debian
A series of security flaws in Asterisk demand urgent updates to avert potential remote attacks and safeguard telecommunication networks.
Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit

Summary

Several vulnerabilities have been discovered in Asterisk, an Open Source
PBX and telephony toolkit.

CVE-2011-1147

Matthew Nicholson discovered that incorrect handling of UDPTL packets
may lead to denial of service of the execution of arbitrary code.

CVE-2011-1174

Blake Cornell discovered that incorrect connection handling in the
manager interface may lead to denial of service.

CVE-2011-1175

Blake Cornell and Chris May discovered that incorrect TCP connection
handling may lead to denial of service.

CVE-2011-1507

Tzafrir Cohen discovered that insufficient limitation of connection
requests in several TCP based services may lead to denial of service.
Please see http://downloads.asterisk.org/pub/security/AST-2011-005.html
for details.

CVE-2011-1599

Matthew Nicholson discovered a privilege escalation vulnerability in
the manager interface.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:1.4.21.2~dfsg-3+lenny2.1.

For the stable distributi...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: asterisk
CVE ID: CVE-2011-1147 CVE-2011-1174 CVE-2011-1175 CVE-2011-1507

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.