Bug 688675 (CVE-2011-1174) - CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003)
Alias: CVE-2011-1174
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Reported: 2011-03-17 17:21 UTC by Vincent Danen
Modified: 2019-09-29 12:43 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-05-16 21:27:29 UTC

Description Vincent Danen 2011-03-17 17:21:08 UTC
AST-2011-003 [1] describes a resource exhaustion flaw in the Asterisk Manager Interface.  If manager connections were rapidly opened, sent invalid data, then closed, it could cause Asterisk to exhaust available CPU and memory resources.  The Manager Interface is disabled by default.  Versions 1.6.2.x and 1.8.x are affected, and and have been released to correct this flaw.

[1] http://downloads.asterisk.org/pub/security/AST-2011-003.pdf

Comment 1 Vincent Danen 2011-03-22 04:13:48 UTC
This is assigned CVE-2011-1174.

Comment 2 Vincent Danen 2011-05-16 21:27:29 UTC
This is corrected via these builds that have the fixes from upstream:

Fedora-13: asterisk-
Fedora-14: asterisk-
Fedora-15: asterisk-
Fedora-Rawhide: asterisk-
EPEL-6: asterisk-
