Oval Definition:oval:org.mitre.oval:def:13073
Revision Date:2014-06-23Version:19
Title:DSA-2276-1 asterisk -- multiple denial of service
Description:Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures. Jared Mauch reported a vulnerability in Asterisk identified as AST-2011-009 through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a package with a Contact header with a missing left angle bracket the server will crash. A possible workaround is to disable chan_sip. The vulnerability identified as AST-2011-010 reported about an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2011-2529
CVE-2011-2535
DSA-2276-1
Platform(s):Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Product(s):asterisk
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Installed architecture is all
  • AND asterisk DPKG is earlier than 1.4.21.2~dfsg-3+lenny3
  • OR Release section
  • Debian 6.0 is installed
  • AND GNU/Linux or GNU/kFreeBSD kernel
  • Debian GNU/Linux is installed
  • OR Debian GNU/kFreeBSD is installed
  • AND Installed architecture is all
  • AND asterisk DPKG is earlier than 1.6.2.9-2+squeeze3
    • BACK