astersik open source 1.8.7 Remote crash vulnerability

2011.10.26
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 6.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash Susceptibility Remote authenticated sessions Severity Critical Exploits Known No Reported On October 4, 2011 Reported By Ehsan Foroughi Posted On October 17, 2011 Last Updated On October 17, 2011 Advisory Contact Terry Wilson <twilson (at) digium (dot) com [email concealed]> CVE Name CVE-2011-4063 Description A remote authenticated user can cause a crash with a malformed request due to an unitialized variable. Resolution Ensure variables are initialized in all cases when parsing the request. Affected Versions Product Release Series Asterisk Open Source 1.8.x All versions Asterisk Open Source 10.x All versions (currently in beta) Corrected In Product Release Asterisk Open Source 1.8.7.1, 10.0.0-rc1 Patches Download URL Revision http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8 http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-012.pdf and http://downloads.digium.com/pub/security/AST-2011-012.html Revision History Date Editor Revisions Made Asterisk Project Security Advisory - AST-2011-012 Copyright (c) 2011 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.

References:

http://www.securityfocus.com/archive/1/archive/1/520141/100/0/threaded
http://downloads.digium.com/pub/security/AST-2011-012.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top