Asterisk did not limit the number of unauthenticated connections
to vulnerable interfaces and did not limit the time unauthenticated
clients remain connected to some interfaces. A remote attacker
could open many subsequent connections to vulnerable Asterisk interfaces,
leading to file descriptor resource exhaustion or possibly to
disk space exhaustion (due to the Asterisk feature of logging failures
to open new file descriptors into its log file).
(against v1.4 branch)
(against v1.6.1 branch)
(against v1.6.2 branch)
(against v1.8 branch)
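The two controls the description says were missing, a cap on simultaneous unauthenticated sessions and a deadline for authenticating, are shown in the sketch below. It is an added example, not Asterisk's code or the upstream patch; the limit names, values and the fixed-size session table are assumptions made for illustration.

```c
#include <time.h>

/* Hypothetical limits (assumed names and values, not Asterisk settings). */
#define AUTH_LIMIT   4   /* max simultaneous unauthenticated sessions */
#define AUTH_TIMEOUT 30  /* seconds a session may stay unauthenticated */
#define MAX_SESSIONS 16  /* size of the illustrative session table */

struct session { int in_use; int authed; time_t connected_at; };
struct gate { struct session s[MAX_SESSIONS]; int unauth; };

/* Admit a new connection: returns a slot index, or -1 to refuse it. */
int gate_admit(struct gate *g, time_t now)
{
    if (g->unauth >= AUTH_LIMIT)
        return -1; /* cap reached: refuse before allocating anything */
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (!g->s[i].in_use) {
            g->s[i] = (struct session){ 1, 0, now };
            g->unauth++;
            return i;
        }
    }
    return -1; /* table full */
}

/* A session that logged in no longer counts against the cap. */
void gate_authenticated(struct gate *g, int slot)
{
    if (slot >= 0 && slot < MAX_SESSIONS
        && g->s[slot].in_use && !g->s[slot].authed) {
        g->s[slot].authed = 1;
        g->unauth--;
    }
}

/* Drop sessions still unauthenticated after AUTH_TIMEOUT seconds;
 * returns how many were closed (the caller would close their sockets). */
int gate_reap(struct gate *g, time_t now)
{
    int closed = 0;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        struct session *p = &g->s[i];
        if (p->in_use && !p->authed && now - p->connected_at >= AUTH_TIMEOUT) {
            p->in_use = 0;
            g->unauth--;
            closed++;
        }
    }
    return closed;
}
```

With both checks in place, the number of descriptors held by clients that never authenticate is bounded by the cap, and each such descriptor is released after the timeout.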
This issue affects the versions of the asterisk package, as shipped
with Fedora releases 13 and 14.
This issue affects the version of the asterisk package, as present
within the EPEL-6 repository.
Please schedule an update.
Created asterisk tracking bugs for this issue
Affects: fedora-all [bug 698918]
Affects: epel-6 [bug 698919]
This is corrected via these builds that have the fixes from upstream: