Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.0
CVE Id: CVE-2011-1599
Last Modified: 06 Sep 2011 11:16:16
Published: 26 Apr 2011 08:55:04
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2011-1599

Summary

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

Vulnerable Systems

Application

  • Digium Asterisk 1.4.0

  • Digium Asterisk 1.4.1

  • Digium Asterisk 1.4.10

  • Digium Asterisk 1.4.10.1

  • Digium Asterisk 1.4.11

  • Digium Asterisk 1.4.12

  • Digium Asterisk 1.4.12.1

  • Digium Asterisk 1.4.13

  • Digium Asterisk 1.4.14

  • Digium Asterisk 1.4.15

  • Digium Asterisk 1.4.16

  • Digium Asterisk 1.4.16.1

  • Digium Asterisk 1.4.16.2

  • Digium Asterisk 1.4.17

  • Digium Asterisk 1.4.18

  • Digium Asterisk 1.4.19

  • Digium Asterisk 1.4.19.1

  • Digium Asterisk 1.4.19.2

  • Digium Asterisk 1.4.2

  • Digium Asterisk 1.4.20

  • Digium Asterisk 1.4.20.1

  • Digium Asterisk 1.4.21

  • Digium Asterisk 1.4.21.1

  • Digium Asterisk 1.4.21.2

  • Digium Asterisk 1.4.22

  • Digium Asterisk 1.4.22.1

  • Digium Asterisk 1.4.22.2

  • Digium Asterisk 1.4.23

  • Digium Asterisk 1.4.23.1

  • Digium Asterisk 1.4.23.2

  • Digium Asterisk 1.4.24

  • Digium Asterisk 1.4.24.1

  • Digium Asterisk 1.4.25

  • Digium Asterisk 1.4.25.1

  • Digium Asterisk 1.4.26

  • Digium Asterisk 1.4.26.1

  • Digium Asterisk 1.4.26.2

  • Digium Asterisk 1.4.26.3

  • Digium Asterisk 1.4.27

  • Digium Asterisk 1.4.27.1

  • Digium Asterisk 1.4.28

  • Digium Asterisk 1.4.29

  • Digium Asterisk 1.4.29.1

  • Digium Asterisk 1.4.3

  • Digium Asterisk 1.4.30

  • Digium Asterisk 1.4.31

  • Digium Asterisk 1.4.32

  • Digium Asterisk 1.4.33

  • Digium Asterisk 1.4.33.1

  • Digium Asterisk 1.4.34

  • Digium Asterisk 1.4.35

  • Digium Asterisk 1.4.36

  • Digium Asterisk 1.4.37

  • Digium Asterisk 1.4.38

  • Digium Asterisk 1.4.39

  • Digium Asterisk 1.4.39.1

  • Digium Asterisk 1.4.39.2

  • Digium Asterisk 1.4.40

  • Digium Asterisk 1.6.1.0

  • Digium Asterisk 1.6.1.1

  • Digium Asterisk 1.6.1.10

  • Digium Asterisk 1.6.1.11

  • Digium Asterisk 1.6.1.12

  • Digium Asterisk 1.6.1.13

  • Digium Asterisk 1.6.1.14

  • Digium Asterisk 1.6.1.15

  • Digium Asterisk 1.6.1.16

  • Digium Asterisk 1.6.1.17

  • Digium Asterisk 1.6.1.18

  • Digium Asterisk 1.6.1.19

  • Digium Asterisk 1.6.1.2

  • Digium Asterisk 1.6.1.20

  • Digium Asterisk 1.6.1.21

  • Digium Asterisk 1.6.1.22

  • Digium Asterisk 1.6.1.23

  • Digium Asterisk 1.6.1.24

  • Digium Asterisk 1.6.1.3

  • Digium Asterisk 1.6.1.4

  • Digium Asterisk 1.6.1.5

  • Digium Asterisk 1.6.1.6

  • Digium Asterisk 1.6.1.7

  • Digium Asterisk 1.6.1.8

  • Digium Asterisk 1.6.1.9

  • Digium Asterisk 1.6.2.0

  • Digium Asterisk 1.6.2.1

  • Digium Asterisk 1.6.2.15

  • Digium Asterisk 1.6.2.16

  • Digium Asterisk 1.6.2.16.1

  • Digium Asterisk 1.6.2.16.2

  • Digium Asterisk 1.6.2.17

  • Digium Asterisk 1.6.2.17.1

  • Digium Asterisk 1.6.2.17.2

  • Digium Asterisk 1.6.2.2

  • Digium Asterisk 1.6.2.3

  • Digium Asterisk 1.6.2.4

  • Digium Asterisk 1.6.2.5

  • Digium Asterisk 1.6.2.6

  • Digium Asterisk 1.8.0

  • Digium Asterisk 1.8.1

  • Digium Asterisk 1.8.1.1

  • Digium Asterisk 1.8.1.2

  • Digium Asterisk 1.8.2

  • Digium Asterisk 1.8.2.1

  • Digium Asterisk 1.8.2.2

  • Digium Asterisk 1.8.2.3

  • Digium Asterisk 1.8.2.4

  • Digium Asterisk 1.8.3

  • Digium Asterisk 1.8.3.1

  • Digium Asterisk 1.8.3.2

  • Digium Asterisk C.1.0

  • Digium Asterisk C.1.6

  • Digium Asterisk C.1.6.1

  • Digium Asterisk C.1.6.2

  • Digium Asterisk C.1.8.0

  • Digium Asterisk C.1.8.1

  • Digium Asterisk C.2.3

  • Digium Asterisk C.3.0

  • Digium Asterisk C.3.1.0

  • Digium Asterisk C.3.1.1

  • Digium Asterisk C.3.2.2

  • Digium Asterisk C.3.2.3

  • Digium Asterisk C.3.3.2

  • Digium Asterisk C.3.6.2


References

VUPEN - ADV-2011-1188

VUPEN - ADV-2011-1107

VUPEN - ADV-2011-1086

BID - 47537

DEBIAN - DSA-2225

SECTRACK - 1025433

SECUNIA - 44529

SECUNIA - 44197

MLIST - [oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability

FEDORA - FEDORA-2011-6208

FEDORA - FEDORA-2011-5835

CONFIRM - http://downloads.digium.com/pub/security/AST-2011-006.html


Last Updated: 27 May 2016 10:56:23