Bug 688675 (CVE-2011-1174) - CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003)
Summary: CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AS...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-1174
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-17 17:21 UTC by Vincent Danen
Modified: 2019-09-29 12:43 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-16 21:27:29 UTC

Attachments (Terms of Use)

Description Vincent Danen 2011-03-17 17:21:08 UTC 
AST-2011-003 [1] describes a resrouce exhaustion flaw in the Asterisk Manager Interface.  If manger connections were rapily opened, sent invalid data, then closed, it could cause Asterisk to exhaust available CPU and memory resources.  The Manager Interface is disabled by default.  Versions 1.6.2.x and 1.8.x are affected, and 1.6.2.17.1 and 1.8.3.1 have been released to correct this flaw.

[1] http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
Comment 1 Vincent Danen 2011-03-22 04:13:48 UTC 
This is assigned CVE-2011-1174.
Comment 2 Vincent Danen 2011-05-16 21:27:29 UTC 
This is corrected via these builds that have the fixes from upstream:

Fedora-13: asterisk-1.6.2.18-1.fc13
Fedora-14: asterisk-1.6.2.18-1.fc14
Fedora-15: asterisk-1.8.3.3-1.fc15
Fedora-Rawhide: asterisk-1.8.3.3-1.fc16
EPEL-6: asterisk-1.8.3.3-1.el6
Note You need to log in before you can comment on or make changes to this bug.