Oval Definition:oval:org.mitre.oval:def:12914
Revision Date:2014-06-23Version:20
Title:DSA-2225-1 asterisk -- several
Description:Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. CVE-2011-1147 Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service of the execution of arbitrary code. CVE-2011-1174 Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service. CVE-2011-1175 Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service. CVE-2011-1507 Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP based services may lead to denial of service. CVE-2011-1599 Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2011-1147
CVE-2011-1174
CVE-2011-1175
CVE-2011-1507
CVE-2011-1599
DSA-2225-1
Platform(s):Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Product(s):asterisk
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Installed architecture is all
  • AND asterisk DPKG is earlier than 1:1.4.21.2~dfsg-3+lenny2.1
  • OR Release section
  • Debian 6.0 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND Installed architecture is all
  • AND asterisk DPKG is earlier than 1:1.6.2.9-2+squeeze2
    • BACK