Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2015-1558
Last Modified: 09 Feb 2015 02:24:54
Published: 09 Feb 2015 06:59:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2015-1558

Summary

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

Vulnerable Systems

Application

  • Digium Asterisk 12.0.0

  • Digium Asterisk 12.1.0

  • Digium Asterisk 12.1.1

  • Digium Asterisk 12.2.0

  • Digium Asterisk 12.3.0

  • Digium Asterisk 12.3.1

  • Digium Asterisk 12.3.2

  • Digium Asterisk 12.4.0

  • Digium Asterisk 12.5.0

  • Digium Asterisk 12.6.0

  • Digium Asterisk 12.7.0

  • Digium Asterisk 12.8.0

  • Digium Asterisk 12.8.1

  • Digium Asterisk 13.0.0

  • Digium Asterisk 13.1.0

  • Digium Asterisk 13.2.0


References

SECTRACK - 1031661

BUGTRAQ - 20150128 AST-2015-001: File descriptor leak when incompatible codecs are offered

CONFIRM - http://downloads.asterisk.org/pub/security/AST-2015-001.html


Last Updated: 27 May 2016 11:07:43