CVE-2011-2216
https://notcve.org/view.php?id=CVE-2011-2216
reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header. reqresp_parser.c del driver del canal SIP en Asterisk Open Source v1.8.x antes de v1.8.4.2 no inicializa ciertas cadenas,lo que permite a atacantes remotos provocar una denegación de servicio ( desreferenciar un puntero NULL y caída de demonio ) a través de un cabecera de contacto con formato incorrecto. • http://downloads.digium.com/pub/security/AST-2011-007.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062658.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062013.html http://osvdb.org/72752 http://secunia.com/advisories/44828 http://securitytracker.com/id?1025598 http://www.securityfocus.com/archive/1/518236/100/0/threaded http://www.securityfocus.com/bid/48096 https://exchange.xforce.ibmcloud.com/vulnerabilities/67812 •
CVE-2011-1599
https://notcve.org/view.php?id=CVE-2011-1599
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. manager.c en la interfaz de administrador de Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6.4 no comprueba correctamente el privilegio del sistema, lo que permite a usuarios remotos autenticados ejecutar código de su elección a través de una acción "Originate" que tiene un encabezado Async en relación con un encabezado Application. • http://downloads.digium.com/pub/security/AST-2011-006.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html http://openwall.com/lists/oss-security/2011/04/22/6 http://secunia.com/advisories/44197 http://secunia.com/advisories/44529 http://securitytracker.com/id?1025433 http://www.debian.org/security/2011/dsa-2225 http://www.securityfocus.com/bid/47537 http://www.vupen • CWE-20: Improper Input Validation •
CVE-2011-1507
https://notcve.org/view.php?id=CVE-2011-1507
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x antes de v1.8.3.3 y Asterisk Business Edition Cxx antes vC.3.6 0.4 no restringen el número de sesiones no autenticadas a ciertas interfaces, que permite a atacantes remotos provocar una denegación de servicio (agotamiento de descriptor de archivo y el agotamiento de espacio en disco) a través de una serie de conexiones TCP. • http://downloads.digium.com/pub/security/AST-2011-005.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html http://secunia.com/advisories/44197 http://secunia.com/advisories/44529 http://securitytracker.com/id?1025432 http://www.debian.org/security/2011/dsa-2225 http://www.vupen.com/english/advisories/2011/1086 http://www.vupen.com/english/advisories/2011/1107 http://www& • CWE-399: Resource Management Errors •
CVE-2011-1175
https://notcve.org/view.php?id=CVE-2011-1175
tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API. tcptls.c en el servidor TCP/TLS en Asterisk Open Source v1.6.1.x anterior a v1.6.1.23, v1.6.2.x anterior a v1.6.2.17.1, y v1.8.x anterior a v1.8.3.1 permite a atacantes remotos causar una denegación de servicio (desreferencia a un puntero NUL) mediante el establecimiento de muchas sesiones TCP cortas a los servicios que utilizan una cierta API de TLS. • http://downloads.asterisk.org/pub/security/AST-2011-004.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html http://openwall.com/lists/oss-security/2011/03/17/5 http://openwall.com/lists/oss-security/2011/03/21/12 http://securitytracker.com/id?1025224 http://www.debian.org/security/2011/dsa-22 •
CVE-2011-1174
https://notcve.org/view.php?id=CVE-2011-1174
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data. manager.c en Asterisk Open Source v1.6.1.x anterior a v1.6.1.24, v1.6.2.x anterior a v1.6.2.17.2, y v1.8.x anterior a v1.8.3.2 permite a atacantes remotos generar una denegación de servicio (agotamiento de memoria y CPU) mediante una conjunto de sesiones que comprenden datos no válidos. • http://downloads.asterisk.org/pub/security/AST-2011-003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html http://openwall.com/lists/oss-security/2011/03/17/5 http://openwall.com/lists/oss-security/2011/03/21/12 http://securitytracker.com/id?1025223 http://www.debian.org/security/2011/dsa-22 • CWE-399: Resource Management Errors •