CVE-2011-1174

Current Description

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.

Basic Data

PublishedMarch 31, 2011
Last ModifiedAugust 17, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-399
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationDigiumAsterisk1.6.1*******
    2.3ApplicationDigiumAsterisk1.6.1beta1******
    2.3ApplicationDigiumAsterisk1.6.1beta2******
    2.3ApplicationDigiumAsterisk1.6.1beta3******
    2.3ApplicationDigiumAsterisk1.6.1beta4******
    2.3ApplicationDigiumAsterisk1.6.1rc1******
    2.3ApplicationDigiumAsterisk1.6.1.0*******
    2.3ApplicationDigiumAsterisk1.6.1.0rc2******
    2.3ApplicationDigiumAsterisk1.6.1.0rc3******
    2.3ApplicationDigiumAsterisk1.6.1.0rc4******
    2.3ApplicationDigiumAsterisk1.6.1.0rc5******
    2.3ApplicationDigiumAsterisk1.6.1.1*******
    2.3ApplicationDigiumAsterisk1.6.1.2*******
    2.3ApplicationDigiumAsterisk1.6.1.3rc1******
    2.3ApplicationDigiumAsterisk1.6.1.4*******
    2.3ApplicationDigiumAsterisk1.6.1.5*******
    2.3ApplicationDigiumAsterisk1.6.1.5rc1******
    2.3ApplicationDigiumAsterisk1.6.1.6*******
    2.3ApplicationDigiumAsterisk1.6.1.7rc1******
    2.3ApplicationDigiumAsterisk1.6.1.7rc2******
    2.3ApplicationDigiumAsterisk1.6.1.8*******
    2.3ApplicationDigiumAsterisk1.6.1.9*******
    2.3ApplicationDigiumAsterisk1.6.1.10*******
    2.3ApplicationDigiumAsterisk1.6.1.10rc1******
    2.3ApplicationDigiumAsterisk1.6.1.10rc2******
    2.3ApplicationDigiumAsterisk1.6.1.10rc3******
    2.3ApplicationDigiumAsterisk1.6.1.11*******
    2.3ApplicationDigiumAsterisk1.6.1.12*******
    2.3ApplicationDigiumAsterisk1.6.1.12rc1******
    2.3ApplicationDigiumAsterisk1.6.1.13*******
    2.3ApplicationDigiumAsterisk1.6.1.13rc1******
    2.3ApplicationDigiumAsterisk1.6.1.14*******
    2.3ApplicationDigiumAsterisk1.6.1.15rc2******
    2.3ApplicationDigiumAsterisk1.6.1.16*******
    2.3ApplicationDigiumAsterisk1.6.1.17*******
    2.3ApplicationDigiumAsterisk1.6.1.18*******
    2.3ApplicationDigiumAsterisk1.6.1.18rc1******
    2.3ApplicationDigiumAsterisk1.6.1.18rc2******
    2.3ApplicationDigiumAsterisk1.6.1.19*******
    2.3ApplicationDigiumAsterisk1.6.1.19rc1******
    2.3ApplicationDigiumAsterisk1.6.1.19rc2******
    2.3ApplicationDigiumAsterisk1.6.1.19rc3******
    2.3ApplicationDigiumAsterisk1.6.1.20*******
    2.3ApplicationDigiumAsterisk1.6.1.20rc1******
    2.3ApplicationDigiumAsterisk1.6.1.20rc2******
    2.3ApplicationDigiumAsterisk1.6.1.21*******
    2.3ApplicationDigiumAsterisk1.6.1.22*******
    2.3ApplicationDigiumAsterisk1.6.1.23*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationDigiumAsterisk1.6.2.0*******
    2.3ApplicationDigiumAsterisk1.6.2.0rc2******
    2.3ApplicationDigiumAsterisk1.6.2.0rc3******
    2.3ApplicationDigiumAsterisk1.6.2.0rc4******
    2.3ApplicationDigiumAsterisk1.6.2.0rc5******
    2.3ApplicationDigiumAsterisk1.6.2.0rc6******
    2.3ApplicationDigiumAsterisk1.6.2.0rc7******
    2.3ApplicationDigiumAsterisk1.6.2.0rc8******
    2.3ApplicationDigiumAsterisk1.6.2.1*******
    2.3ApplicationDigiumAsterisk1.6.2.1rc1******
    2.3ApplicationDigiumAsterisk1.6.2.2*******
    2.3ApplicationDigiumAsterisk1.6.2.3rc2******
    2.3ApplicationDigiumAsterisk1.6.2.4*******
    2.3ApplicationDigiumAsterisk1.6.2.5*******
    2.3ApplicationDigiumAsterisk1.6.2.6*******
    2.3ApplicationDigiumAsterisk1.6.2.6rc1******
    2.3ApplicationDigiumAsterisk1.6.2.6rc2******
    2.3ApplicationDigiumAsterisk1.6.2.15rc1******
    2.3ApplicationDigiumAsterisk1.6.2.16*******
    2.3ApplicationDigiumAsterisk1.6.2.16rc1******
    2.3ApplicationDigiumAsterisk1.6.2.16.1*******
    2.3ApplicationDigiumAsterisk1.6.2.17*******
    2.3ApplicationDigiumAsterisk1.6.2.17rc1******
    2.3ApplicationDigiumAsterisk1.6.2.17rc2******
    2.3ApplicationDigiumAsterisk1.6.2.17rc3******
    2.3ApplicationDigiumAsterisk1.6.2.17.1*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationDigiumAsterisk1.8.0*******
    2.3ApplicationDigiumAsterisk1.8.0beta1******
    2.3ApplicationDigiumAsterisk1.8.0beta2******
    2.3ApplicationDigiumAsterisk1.8.0beta3******
    2.3ApplicationDigiumAsterisk1.8.0beta4******
    2.3ApplicationDigiumAsterisk1.8.0beta5******
    2.3ApplicationDigiumAsterisk1.8.0rc2******
    2.3ApplicationDigiumAsterisk1.8.0rc3******
    2.3ApplicationDigiumAsterisk1.8.0rc4******
    2.3ApplicationDigiumAsterisk1.8.0rc5******
    2.3ApplicationDigiumAsterisk1.8.1*******
    2.3ApplicationDigiumAsterisk1.8.1rc1******
    2.3ApplicationDigiumAsterisk1.8.1.1*******
    2.3ApplicationDigiumAsterisk1.8.1.2*******
    2.3ApplicationDigiumAsterisk1.8.2*******
    2.3ApplicationDigiumAsterisk1.8.2.1*******
    2.3ApplicationDigiumAsterisk1.8.2.2*******
    2.3ApplicationDigiumAsterisk1.8.2.3*******
    2.3ApplicationDigiumAsterisk1.8.3*******
    2.3ApplicationDigiumAsterisk1.8.3rc1******
    2.3ApplicationDigiumAsterisk1.8.3rc2******
    2.3ApplicationDigiumAsterisk1.8.3rc3******
    2.3ApplicationDigiumAsterisk1.8.3.1*******

Vulnerable Software List

VendorProductVersions
Digium Asterisk 1.6.1, 1.6.1.0, 1.6.1.1, 1.6.1.10, 1.6.1.11, 1.6.1.12, 1.6.1.13, 1.6.1.14, 1.6.1.15, 1.6.1.16, 1.6.1.17, 1.6.1.18, 1.6.1.19, 1.6.1.2, 1.6.1.20, 1.6.1.21, 1.6.1.22, 1.6.1.23, 1.6.1.3, 1.6.1.4, 1.6.1.5, 1.6.1.6, 1.6.1.7, 1.6.1.8, 1.6.1.9, 1.6.2.0, 1.6.2.1, 1.6.2.15, 1.6.2.16, 1.6.2.16.1, 1.6.2.17, 1.6.2.17.1, 1.6.2.2, 1.6.2.3, 1.6.2.4, 1.6.2.5, 1.6.2.6, 1.8.0, 1.8.1, 1.8.1.1, 1.8.1.2, 1.8.2, 1.8.2.1, 1.8.2.2, 1.8.2.3, 1.8.3, 1.8.3.1

References

NameSourceURLTags
http://downloads.asterisk.org/pub/security/AST-2011-003.htmlhttp://downloads.asterisk.org/pub/security/AST-2011-003.htmlCONFIRMVendor Advisory
FEDORA-2011-3958http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.htmlFEDORA
FEDORA-2011-3945http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.htmlFEDORA
FEDORA-2011-3942http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.htmlFEDORA
[oss-security] 20110317 CVE request for Asterisk flawshttp://openwall.com/lists/oss-security/2011/03/17/5MLIST
[oss-security] 20110321 Re: CVE request for Asterisk flawshttp://openwall.com/lists/oss-security/2011/03/21/12MLIST
1025223http://securitytracker.com/id?1025223SECTRACK
DSA-2225http://www.debian.org/security/2011/dsa-2225DEBIAN
46897http://www.securityfocus.com/bid/46897BID
ADV-2011-0686http://www.vupen.com/english/advisories/2011/0686VUPENVendor Advisory
ADV-2011-0790http://www.vupen.com/english/advisories/2011/0790VUPENVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=688675https://bugzilla.redhat.com/show_bug.cgi?id=688675CONFIRM
asterisk-writes-dos(66139)https://exchange.xforce.ibmcloud.com/vulnerabilities/66139XF