CVE-2011-1175

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.

References

http://downloads.asterisk.org/pub/security/AST-2011-004.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html

http://openwall.com/lists/oss-security/2011/03/17/5

http://openwall.com/lists/oss-security/2011/03/21/12

http://securitytracker.com/id?1025224

http://www.debian.org/security/2011/dsa-2225

http://www.securityfocus.com/bid/46898

http://www.vupen.com/english/advisories/2011/0686

http://www.vupen.com/english/advisories/2011/0790

https://bugzilla.redhat.com/show_bug.cgi?id=688678

https://exchange.xforce.ibmcloud.com/vulnerabilities/66140

Details

Source: MITRE

Published: 2011-03-31

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.9:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.11:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.12:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.13:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.14:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.16:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.17:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.18:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.20:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.21:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.1.22:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*

cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
56625GLSA-201110-21 : Asterisk: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
53558Debian DSA-2225-1 : asterisk - several vulnerabilitiesNessusDebian Local Security Checks
high
53243Fedora 13 : asterisk-1.6.2.17.2-1.fc13 (2011-3945)NessusFedora Local Security Checks
medium
53242Fedora 14 : asterisk-1.6.2.17.2-1.fc14 (2011-3942)NessusFedora Local Security Checks
medium
53200Fedora 15 : asterisk-1.8.3.2-1.fc15 (2011-3958)NessusFedora Local Security Checks
medium
5825Asterisk Multiple Denial of Service Vulnerabilities (AST-2011-003/AST-2011-004)Nessus Network MonitorGeneric
medium
52714Asterisk Multiple Denial of Service Vulnerabilities (AST-2011-003 / AST-2011-004)NessusDenial of Service
medium