CVE-2011-1174

medium

Description

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.

References

http://downloads.asterisk.org/pub/security/AST-2011-003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html

http://openwall.com/lists/oss-security/2011/03/17/5

http://openwall.com/lists/oss-security/2011/03/21/12

http://securitytracker.com/id?1025223

http://www.debian.org/security/2011/dsa-2225

http://www.securityfocus.com/bid/46897

http://www.vupen.com/english/advisories/2011/0686

http://www.vupen.com/english/advisories/2011/0790

https://bugzilla.redhat.com/show_bug.cgi?id=688675

https://exchange.xforce.ibmcloud.com/vulnerabilities/66139

Details

Source: MITRE

Published: 2011-03-31

Updated: 2017-08-17

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.23:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 56625 | GLSA-201110-21 : Asterisk: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 53558 | Debian DSA-2225-1 : asterisk - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 53243 | Fedora 13 : asterisk-1.6.2.17.2-1.fc13 (2011-3945) | Nessus | Fedora Local Security Checks | medium |
| 53242 | Fedora 14 : asterisk-1.6.2.17.2-1.fc14 (2011-3942) | Nessus | Fedora Local Security Checks | medium |
| 53200 | Fedora 15 : asterisk-1.8.3.2-1.fc15 (2011-3958) | Nessus | Fedora Local Security Checks | medium |
| 5825 | Asterisk Multiple Denial of Service Vulnerabilities (AST-2011-003/AST-2011-004) | Nessus Network Monitor | Generic | medium |
| 52714 | Asterisk Multiple Denial of Service Vulnerabilities (AST-2011-003 / AST-2011-004) | Nessus | Denial of Service | medium |