Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1147

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-1147
Last Modified 23 Aug 2011 11:16:35
Published 15 Mar 2011 01:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1147

Summary

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.

Vulnerable Systems

Application

  • Digium Asterisk 1.4.0

  • Digium Asterisk 1.4.1

  • Digium Asterisk 1.4.10

  • Digium Asterisk 1.4.10.1

  • Digium Asterisk 1.4.11

  • Digium Asterisk 1.4.12

  • Digium Asterisk 1.4.12.1

  • Digium Asterisk 1.4.13

  • Digium Asterisk 1.4.14

  • Digium Asterisk 1.4.15

  • Digium Asterisk 1.4.16

  • Digium Asterisk 1.4.16.1

  • Digium Asterisk 1.4.16.2

  • Digium Asterisk 1.4.17

  • Digium Asterisk 1.4.18

  • Digium Asterisk 1.4.19

  • Digium Asterisk 1.4.19.1

  • Digium Asterisk 1.4.19.2

  • Digium Asterisk 1.4.2

  • Digium Asterisk 1.4.20

  • Digium Asterisk 1.4.20.1

  • Digium Asterisk 1.4.21

  • Digium Asterisk 1.4.21.1

  • Digium Asterisk 1.4.21.2

  • Digium Asterisk 1.4.22

  • Digium Asterisk 1.4.22.1

  • Digium Asterisk 1.4.22.2

  • Digium Asterisk 1.4.23

  • Digium Asterisk 1.4.23.1

  • Digium Asterisk 1.4.23.2

  • Digium Asterisk 1.4.24

  • Digium Asterisk 1.4.24.1

  • Digium Asterisk 1.4.25

  • Digium Asterisk 1.4.25.1

  • Digium Asterisk 1.4.26

  • Digium Asterisk 1.4.26.1

  • Digium Asterisk 1.4.26.2

  • Digium Asterisk 1.4.26.3

  • Digium Asterisk 1.4.27

  • Digium Asterisk 1.4.27.1

  • Digium Asterisk 1.4.28

  • Digium Asterisk 1.4.29

  • Digium Asterisk 1.4.29.1

  • Digium Asterisk 1.4.3

  • Digium Asterisk 1.4.30

  • Digium Asterisk 1.4.31

  • Digium Asterisk 1.4.32

  • Digium Asterisk 1.4.33

  • Digium Asterisk 1.4.33.1

  • Digium Asterisk 1.4.34

  • Digium Asterisk 1.4.35

  • Digium Asterisk 1.4.36

  • Digium Asterisk 1.4.37

  • Digium Asterisk 1.4.38

  • Digium Asterisk 1.4.39

  • Digium Asterisk 1.4.39.1

  • Digium Asterisk 1.6.1.0

  • Digium Asterisk 1.6.1.1

  • Digium Asterisk 1.6.1.10

  • Digium Asterisk 1.6.1.11

  • Digium Asterisk 1.6.1.12

  • Digium Asterisk 1.6.1.13

  • Digium Asterisk 1.6.1.14

  • Digium Asterisk 1.6.1.15

  • Digium Asterisk 1.6.1.16

  • Digium Asterisk 1.6.1.17

  • Digium Asterisk 1.6.1.18

  • Digium Asterisk 1.6.1.19

  • Digium Asterisk 1.6.1.2

  • Digium Asterisk 1.6.1.20

  • Digium Asterisk 1.6.1.21

  • Digium Asterisk 1.6.1.3

  • Digium Asterisk 1.6.1.4

  • Digium Asterisk 1.6.1.5

  • Digium Asterisk 1.6.1.6

  • Digium Asterisk 1.6.1.7

  • Digium Asterisk 1.6.1.8

  • Digium Asterisk 1.6.1.9

  • Digium Asterisk 1.6.2.0

  • Digium Asterisk 1.6.2.1

  • Digium Asterisk 1.6.2.15

  • Digium Asterisk 1.6.2.16

  • Digium Asterisk 1.6.2.16.1

  • Digium Asterisk 1.6.2.2

  • Digium Asterisk 1.6.2.3

  • Digium Asterisk 1.6.2.4

  • Digium Asterisk 1.6.2.5

  • Digium Asterisk 1.6.2.6

  • Digium Asterisk 1.8.0

  • Digium Asterisk 1.8.1

  • Digium Asterisk 1.8.1.1

  • Digium Asterisk 1.8.1.2

  • Digium Asterisk 1.8.2

  • Digium Asterisk 1.8.2.1

  • Digium Asterisk 1.8.2.2

  • Digium Asterisk 1.8.2.3

  • Digium Asterisk C.1.0

  • Digium Asterisk C.1.6

  • Digium Asterisk C.1.6.1

  • Digium Asterisk C.1.6.2

  • Digium Asterisk C.1.8.0

  • Digium Asterisk C.1.8.1

  • Digium Asterisk C.2.3

  • Digium Asterisk C.3.0

  • Digium Asterisk C.3.1.0

  • Digium Asterisk C.3.1.1

  • Digium Asterisk C.3.2.2

  • Digium Asterisk C.3.2.3

  • Digium Asterisk C.3.3.2

  • Digium Asterisk C.3.6.2

  • Digium Asterisknow 1.5


References

FEDORA - FEDORA-2011-2558

FEDORA - FEDORA-2011-2438

FEDORA - FEDORA-2011-2360

VUPEN - ADV-2011-0635

SECTRACK - 1025101

BID - 46474

MLIST - [oss-security] 20110311 Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code

MLIST - [oss-security] 20110311 CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code

DEBIAN - DSA-2225

SECUNIA - 43702

SECUNIA - 43429

CONFIRM - http://downloads.asterisk.org/pub/security/AST-2011-002.html


Last Updated: 27 May 2016 10:56:11