Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27183
HistoryOct 24, 2011 - 12:00 a.m.

AST-2011-012: Remote crash vulnerability in SIP channel driver

2011-10-2400:00:00
vulners.com
4
JSON
           Asterisk Project Security Advisory - AST-2011-012

      Product         Asterisk                                            
      Summary         Remote crash vulnerability in SIP channel driver    
 Nature of Advisory   Remote crash                                        
   Susceptibility     Remote authenticated sessions                       
      Severity        Critical                                            
   Exploits Known     No                                                  
    Reported On       October 4, 2011                                     
    Reported By       Ehsan Foroughi                                      
     Posted On        October 17, 2011                                    
  Last Updated On     October 17, 2011                                    
  Advisory Contact    Terry Wilson <[email protected]>                   
      CVE Name        CVE-2011-4063                                       

Description  A remote authenticated user can cause a crash with a         
             malformed request due to an unitialized variable.            

Resolution  Ensure variables are initialized in all cases when parsing    
            the request.                                                  

                           Affected Versions
       Product         Release Series  
Asterisk Open Source       1.8.x       All versions                       
Asterisk Open Source        10.x       All versions (currently in beta)   

                              Corrected In
              Product                              Release                
        Asterisk Open Source                 1.8.7.1, 10.0.0-rc1          

                                Patches                         
                         Download URL                           Revision

http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10

        Links          

Asterisk Project Security Advisories are posted at                        
http://www.asterisk.org/security                                          
                                                                          
This document may be superseded by later versions; if so, the latest      
version will be posted at                                                 
http://downloads.digium.com/pub/security/AST-2011-012.pdf and             
http://downloads.digium.com/pub/security/AST-2011-012.html                

                            Revision History
       Date                 Editor                 Revisions Made         

           Asterisk Project Security Advisory - AST-2011-012
          Copyright (c) 2011 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

Related

openvas 8
nessus 5
securityvulns 1
fedora 2
prion 1
checkpoint_advisories 2
cve 1
freebsd 1
ubuntucve 1
debiancve 1
gentoo 1
openvas
openvas
FreeBSD Ports: asterisk18
2012-02-13 00:00:00
Fedora Update for asterisk FEDORA-2011-14480
2012-04-02 00:00:00
Fedora Update for asterisk FEDORA-2011-14538
2011-11-11 00:00:00
nessus
nessus
FreeBSD : asterisk -- remote crash vulnerability in SIP channel driver (a95092a6-f8f1-11e0-a7ea-00215c6a37bb)
2011-10-18 00:00:00
Fedora 16 : asterisk-1.8.7.1-1.fc16 (2011-14480)
2011-11-14 00:00:00
Asterisk SIP Channel Driver Uninitialized Variable Request Parsing DoS (AST-2011-012)
2011-11-22 00:00:00
securityvulns
securityvulns
Asterisk uninitilized memory reference
2011-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: asterisk-1.8.7.1-1.fc16
2011-11-10 17:47:36
[SECURITY] Fedora 15 Update: asterisk-1.8.7.1-1.fc15
2011-11-10 17:43:25
prion
prion
Design/Logic Flaw
2011-10-21 10:55:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk SIP Channel Driver Denial Of Service - High Confidence (CVE-2011-4063)
2013-03-18 00:00:00
Digium Asterisk SIP Channel Driver Denial Of Service (CVE-2011-4063)
2012-01-12 00:00:00
cve
cve
CVE-2011-4063
2011-10-21 10:55:00
freebsd
freebsd
asterisk -- remote crash vulnerability in SIP channel driver
2011-10-17 00:00:00
ubuntucve
ubuntucve
CVE-2011-4063
2011-10-21 00:00:00
debiancve
debiancve
CVE-2011-4063
2011-10-21 10:55:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:27183
openvas8nessus5securityvulns1fedora2prion1checkpoint_advisories2cve1freebsd1ubuntucve1debiancve1gentoo1