CVE-2011-1175

Current Description

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.

Evaluator Description

Per: http://cwe.mitre.org/data/definitions/476.html'CWE-476: NULL Pointer Dereference'

Basic Data

PublishedMarch 31, 2011
Last ModifiedAugust 17, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationDigiumAsterisk1.6.1*******
    2.3ApplicationDigiumAsterisk1.6.1beta1******
    2.3ApplicationDigiumAsterisk1.6.1beta2******
    2.3ApplicationDigiumAsterisk1.6.1beta3******
    2.3ApplicationDigiumAsterisk1.6.1beta4******
    2.3ApplicationDigiumAsterisk1.6.1rc1******
    2.3ApplicationDigiumAsterisk1.6.1.0*******
    2.3ApplicationDigiumAsterisk1.6.1.0rc2******
    2.3ApplicationDigiumAsterisk1.6.1.0rc3******
    2.3ApplicationDigiumAsterisk1.6.1.0rc4******
    2.3ApplicationDigiumAsterisk1.6.1.0rc5******
    2.3ApplicationDigiumAsterisk1.6.1.1*******
    2.3ApplicationDigiumAsterisk1.6.1.2*******
    2.3ApplicationDigiumAsterisk1.6.1.3rc1******
    2.3ApplicationDigiumAsterisk1.6.1.4*******
    2.3ApplicationDigiumAsterisk1.6.1.5*******
    2.3ApplicationDigiumAsterisk1.6.1.5rc1******
    2.3ApplicationDigiumAsterisk1.6.1.6*******
    2.3ApplicationDigiumAsterisk1.6.1.7rc1******
    2.3ApplicationDigiumAsterisk1.6.1.7rc2******
    2.3ApplicationDigiumAsterisk1.6.1.8*******
    2.3ApplicationDigiumAsterisk1.6.1.9*******
    2.3ApplicationDigiumAsterisk1.6.1.10*******
    2.3ApplicationDigiumAsterisk1.6.1.10rc1******
    2.3ApplicationDigiumAsterisk1.6.1.10rc2******
    2.3ApplicationDigiumAsterisk1.6.1.10rc3******
    2.3ApplicationDigiumAsterisk1.6.1.11*******
    2.3ApplicationDigiumAsterisk1.6.1.12*******
    2.3ApplicationDigiumAsterisk1.6.1.12rc1******
    2.3ApplicationDigiumAsterisk1.6.1.13*******
    2.3ApplicationDigiumAsterisk1.6.1.13rc1******
    2.3ApplicationDigiumAsterisk1.6.1.14*******
    2.3ApplicationDigiumAsterisk1.6.1.15rc2******
    2.3ApplicationDigiumAsterisk1.6.1.16*******
    2.3ApplicationDigiumAsterisk1.6.1.17*******
    2.3ApplicationDigiumAsterisk1.6.1.18*******
    2.3ApplicationDigiumAsterisk1.6.1.18rc1******
    2.3ApplicationDigiumAsterisk1.6.1.18rc2******
    2.3ApplicationDigiumAsterisk1.6.1.19*******
    2.3ApplicationDigiumAsterisk1.6.1.19rc1******
    2.3ApplicationDigiumAsterisk1.6.1.19rc2******
    2.3ApplicationDigiumAsterisk1.6.1.19rc3******
    2.3ApplicationDigiumAsterisk1.6.1.20*******
    2.3ApplicationDigiumAsterisk1.6.1.20rc1******
    2.3ApplicationDigiumAsterisk1.6.1.20rc2******
    2.3ApplicationDigiumAsterisk1.6.1.21*******
    2.3ApplicationDigiumAsterisk1.6.1.22*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationDigiumAsterisk1.6.2.0*******
    2.3ApplicationDigiumAsterisk1.6.2.0rc2******
    2.3ApplicationDigiumAsterisk1.6.2.0rc3******
    2.3ApplicationDigiumAsterisk1.6.2.0rc4******
    2.3ApplicationDigiumAsterisk1.6.2.0rc5******
    2.3ApplicationDigiumAsterisk1.6.2.0rc6******
    2.3ApplicationDigiumAsterisk1.6.2.0rc7******
    2.3ApplicationDigiumAsterisk1.6.2.0rc8******
    2.3ApplicationDigiumAsterisk1.6.2.1*******
    2.3ApplicationDigiumAsterisk1.6.2.1rc1******
    2.3ApplicationDigiumAsterisk1.6.2.2*******
    2.3ApplicationDigiumAsterisk1.6.2.3rc2******
    2.3ApplicationDigiumAsterisk1.6.2.4*******
    2.3ApplicationDigiumAsterisk1.6.2.5*******
    2.3ApplicationDigiumAsterisk1.6.2.6*******
    2.3ApplicationDigiumAsterisk1.6.2.6rc1******
    2.3ApplicationDigiumAsterisk1.6.2.6rc2******
    2.3ApplicationDigiumAsterisk1.6.2.15rc1******
    2.3ApplicationDigiumAsterisk1.6.2.16*******
    2.3ApplicationDigiumAsterisk1.6.2.16rc1******
    2.3ApplicationDigiumAsterisk1.6.2.16.1*******
    2.3ApplicationDigiumAsterisk1.6.2.17*******
    2.3ApplicationDigiumAsterisk1.6.2.17rc1******
    2.3ApplicationDigiumAsterisk1.6.2.17rc2******
    2.3ApplicationDigiumAsterisk1.6.2.17rc3******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationDigiumAsterisk1.8.0*******
    2.3ApplicationDigiumAsterisk1.8.0beta1******
    2.3ApplicationDigiumAsterisk1.8.0beta2******
    2.3ApplicationDigiumAsterisk1.8.0beta3******
    2.3ApplicationDigiumAsterisk1.8.0beta4******
    2.3ApplicationDigiumAsterisk1.8.0beta5******
    2.3ApplicationDigiumAsterisk1.8.0rc2******
    2.3ApplicationDigiumAsterisk1.8.0rc3******
    2.3ApplicationDigiumAsterisk1.8.0rc4******
    2.3ApplicationDigiumAsterisk1.8.0rc5******
    2.3ApplicationDigiumAsterisk1.8.1*******
    2.3ApplicationDigiumAsterisk1.8.1rc1******
    2.3ApplicationDigiumAsterisk1.8.1.1*******
    2.3ApplicationDigiumAsterisk1.8.1.2*******
    2.3ApplicationDigiumAsterisk1.8.2*******
    2.3ApplicationDigiumAsterisk1.8.2.1*******
    2.3ApplicationDigiumAsterisk1.8.2.2*******
    2.3ApplicationDigiumAsterisk1.8.2.3*******
    2.3ApplicationDigiumAsterisk1.8.3*******
    2.3ApplicationDigiumAsterisk1.8.3rc1******
    2.3ApplicationDigiumAsterisk1.8.3rc2******
    2.3ApplicationDigiumAsterisk1.8.3rc3******

Vulnerable Software List

VendorProductVersions
Digium Asterisk 1.6.1, 1.6.1.0, 1.6.1.1, 1.6.1.10, 1.6.1.11, 1.6.1.12, 1.6.1.13, 1.6.1.14, 1.6.1.15, 1.6.1.16, 1.6.1.17, 1.6.1.18, 1.6.1.19, 1.6.1.2, 1.6.1.20, 1.6.1.21, 1.6.1.22, 1.6.1.3, 1.6.1.4, 1.6.1.5, 1.6.1.6, 1.6.1.7, 1.6.1.8, 1.6.1.9, 1.6.2.0, 1.6.2.1, 1.6.2.15, 1.6.2.16, 1.6.2.16.1, 1.6.2.17, 1.6.2.2, 1.6.2.3, 1.6.2.4, 1.6.2.5, 1.6.2.6, 1.8.0, 1.8.1, 1.8.1.1, 1.8.1.2, 1.8.2, 1.8.2.1, 1.8.2.2, 1.8.2.3, 1.8.3

References

NameSourceURLTags
http://downloads.asterisk.org/pub/security/AST-2011-004.htmlhttp://downloads.asterisk.org/pub/security/AST-2011-004.htmlCONFIRMPatch Vendor Advisory
FEDORA-2011-3958http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.htmlFEDORAPatch
FEDORA-2011-3945http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.htmlFEDORA
FEDORA-2011-3942http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.htmlFEDORA
[oss-security] 20110317 CVE request for Asterisk flawshttp://openwall.com/lists/oss-security/2011/03/17/5MLIST
[oss-security] 20110321 Re: CVE request for Asterisk flawshttp://openwall.com/lists/oss-security/2011/03/21/12MLISTPatch
1025224http://securitytracker.com/id?1025224SECTRACK
DSA-2225http://www.debian.org/security/2011/dsa-2225DEBIAN
46898http://www.securityfocus.com/bid/46898BID
ADV-2011-0686http://www.vupen.com/english/advisories/2011/0686VUPENVendor Advisory
ADV-2011-0790http://www.vupen.com/english/advisories/2011/0790VUPENVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=688678https://bugzilla.redhat.com/show_bug.cgi?id=688678CONFIRM
asterisk-handletcptlsconnection-dos(66140)https://exchange.xforce.ibmcloud.com/vulnerabilities/66140XF