Bug 688675 - (CVE-2011-1174) CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003)
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
: Security
Reported: 2011-03-17 13:21 EDT by Vincent Danen
Modified: 2011-05-16 17:27 EDT
Last Closed: 2011-05-16 17:27:29 EDT
Description Vincent Danen 2011-03-17 13:21:08 EDT
AST-2011-003 [1] describes a resource exhaustion flaw in the Asterisk Manager Interface.  If manager connections were rapidly opened, sent invalid data, then closed, it could cause Asterisk to exhaust available CPU and memory resources.  The Manager Interface is disabled by default.  Versions 1.6.2.x and 1.8.x are affected, and and have been released to correct this flaw.

[1] http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
Comment 1 Vincent Danen 2011-03-22 00:13:48 EDT
This is assigned CVE-2011-1174.
Comment 2 Vincent Danen 2011-05-16 17:27:29 EDT
This is corrected via these builds that have the fixes from upstream:

Fedora-13: asterisk-
Fedora-14: asterisk-
Fedora-15: asterisk-
Fedora-Rawhide: asterisk-
EPEL-6: asterisk-
