Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4598

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4598
Last Modified 31 Aug 2012 11:38:27
Published 14 Dec 2011 10:57:34
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4598

Summary

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

Vulnerable Systems

Application

  • Digium Asterisk 1.6.2.0

  • Digium Asterisk 1.6.2.1

  • Digium Asterisk 1.6.2.15

  • Digium Asterisk 1.6.2.16

  • Digium Asterisk 1.6.2.16.1

  • Digium Asterisk 1.6.2.16.2

  • Digium Asterisk 1.6.2.17

  • Digium Asterisk 1.6.2.17.1

  • Digium Asterisk 1.6.2.17.2

  • Digium Asterisk 1.6.2.17.3

  • Digium Asterisk 1.6.2.18

  • Digium Asterisk 1.6.2.19

  • Digium Asterisk 1.6.2.2

  • Digium Asterisk 1.6.2.20

  • Digium Asterisk 1.6.2.21

  • Digium Asterisk 1.6.2.3

  • Digium Asterisk 1.6.2.4

  • Digium Asterisk 1.6.2.5

  • Digium Asterisk 1.6.2.6

  • Digium Asterisk 1.8.0

  • Digium Asterisk 1.8.1

  • Digium Asterisk 1.8.1.1

  • Digium Asterisk 1.8.1.2

  • Digium Asterisk 1.8.2

  • Digium Asterisk 1.8.2.1

  • Digium Asterisk 1.8.2.2

  • Digium Asterisk 1.8.2.3

  • Digium Asterisk 1.8.2.4

  • Digium Asterisk 1.8.3

  • Digium Asterisk 1.8.3.1

  • Digium Asterisk 1.8.3.2

  • Digium Asterisk 1.8.3.3

  • Digium Asterisk 1.8.4

  • Digium Asterisk 1.8.4.1

  • Digium Asterisk 1.8.4.2

  • Digium Asterisk 1.8.4.3

  • Digium Asterisk 1.8.4.4

  • Digium Asterisk 1.8.5

  • Digium Asterisk 1.8.5.0

  • Digium Asterisk 1.8.6.0

  • Digium Asterisk 1.8.7.0

  • Digium Asterisk 1.8.7.1


References

MLIST - [oss-security] 20111209 Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014

MLIST - [oss-security] 20111209 CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014

CONFIRM - http://downloads.asterisk.org/pub/security/AST-2011-014.html

DEBIAN - DSA-2367

SECUNIA - 47273

OSVDB - 77598


Last Updated: 27 May 2016 10:57:55