Vulnerability Name: CVE-2017-17090

Assigned: 2017-12-01
Published: 2017-11-30
Updated: 2017-12-07
Summary: An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
CVSS v3 Severity: 7.5 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:
References:
Source: CONFIRM
Type: UNKNOWN
http://downloads.digium.com/pub/security/AST-2017-013.html

Source: BID
Type: UNKNOWN
102023

Source: XF
Type: UNKNOWN
asterisk-cve201717090-dos(135849)

Source: CONFIRM
Type: UNKNOWN
https://issues.asterisk.org/jira/browse/ASTERISK-27452

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.xenial:def:201717090000 | V | CVE-2017-17090 on Ubuntu 16.04 LTS (xenial) - untriaged. | 2017-12-01
oval:com.ubuntu.trusty:def:201717090000 | V | CVE-2017-17090 on Ubuntu 14.04 LTS (trusty) - untriaged. | 2017-12-01