Bug 688675 - (CVE-2011-1174) CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
public=20110316,reported=20110317,sou...
: Security
Reported: 2011-03-17 13:21 EDT by Vincent Danen
Modified: 2011-05-16 17:27 EDT (History)

Doc Type: Bug Fix
Last Closed: 2011-05-16 17:27:29 EDT
Description Vincent Danen 2011-03-17 13:21:08 EDT
AST-2011-003 [1] describes a resource exhaustion flaw in the Asterisk Manager Interface. If manager connections were rapidly opened, sent invalid data, then closed, it could cause Asterisk to exhaust available CPU and memory resources. The Manager Interface is disabled by default. Versions 1.6.2.x and 1.8.x are affected, and 1.6.2.17.1 and 1.8.3.1 have been released to correct this flaw.

[1] http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
Comment 1 Vincent Danen 2011-03-22 00:13:48 EDT
This is assigned CVE-2011-1174.
Comment 2 Vincent Danen 2011-05-16 17:27:29 EDT
This is corrected via these builds that have the fixes from upstream:

Fedora-13: asterisk-1.6.2.18-1.fc13
Fedora-14: asterisk-1.6.2.18-1.fc14
Fedora-15: asterisk-1.8.3.3-1.fc15
Fedora-Rawhide: asterisk-1.8.3.3-1.fc16
EPEL-6: asterisk-1.8.3.3-1.el6
