Lucene search
HistoryMar 15, 2011 - 5:55 p.m.
CVE-2011-1147
cve
2011
1147
buffer overflow
asterisk open source
security vulnerability
nvd
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.931 High
EPSS
Percentile
99.1%
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.
Affected configurations
Node
digiumasteriskMatch1.4.0
ORdigiumasteriskMatch1.4.0beta1
ORdigiumasteriskMatch1.4.0beta2
ORdigiumasteriskMatch1.4.0beta3
ORdigiumasteriskMatch1.4.0beta4
ORdigiumasteriskMatch1.4.1
ORdigiumasteriskMatch1.4.2
ORdigiumasteriskMatch1.4.3
ORdigiumasteriskMatch1.4.10
ORdigiumasteriskMatch1.4.10.1
ORdigiumasteriskMatch1.4.11
ORdigiumasteriskMatch1.4.12
ORdigiumasteriskMatch1.4.12.1
ORdigiumasteriskMatch1.4.13
ORdigiumasteriskMatch1.4.14
ORdigiumasteriskMatch1.4.15
ORdigiumasteriskMatch1.4.16
ORdigiumasteriskMatch1.4.16.1
ORdigiumasteriskMatch1.4.16.2
ORdigiumasteriskMatch1.4.17
ORdigiumasteriskMatch1.4.18
ORdigiumasteriskMatch1.4.19
ORdigiumasteriskMatch1.4.19rc1
ORdigiumasteriskMatch1.4.19rc2
ORdigiumasteriskMatch1.4.19rc3
ORdigiumasteriskMatch1.4.19rc4
ORdigiumasteriskMatch1.4.19.1
ORdigiumasteriskMatch1.4.19.2
ORdigiumasteriskMatch1.4.20
ORdigiumasteriskMatch1.4.20rc1
ORdigiumasteriskMatch1.4.20rc2
ORdigiumasteriskMatch1.4.20rc3
ORdigiumasteriskMatch1.4.20.1
ORdigiumasteriskMatch1.4.21
ORdigiumasteriskMatch1.4.21rc1
ORdigiumasteriskMatch1.4.21rc2
ORdigiumasteriskMatch1.4.21.1
ORdigiumasteriskMatch1.4.21.2
ORdigiumasteriskMatch1.4.22
ORdigiumasteriskMatch1.4.22rc1
ORdigiumasteriskMatch1.4.22rc2
ORdigiumasteriskMatch1.4.22rc3
ORdigiumasteriskMatch1.4.22rc4
ORdigiumasteriskMatch1.4.22rc5
ORdigiumasteriskMatch1.4.22.1
ORdigiumasteriskMatch1.4.22.2
ORdigiumasteriskMatch1.4.23
ORdigiumasteriskMatch1.4.23rc1
ORdigiumasteriskMatch1.4.23rc2
ORdigiumasteriskMatch1.4.23rc3
ORdigiumasteriskMatch1.4.23rc4
ORdigiumasteriskMatch1.4.23.1
ORdigiumasteriskMatch1.4.23.2
ORdigiumasteriskMatch1.4.24
ORdigiumasteriskMatch1.4.24rc1
ORdigiumasteriskMatch1.4.24.1
ORdigiumasteriskMatch1.4.25
ORdigiumasteriskMatch1.4.25rc1
ORdigiumasteriskMatch1.4.25.1
ORdigiumasteriskMatch1.4.26
ORdigiumasteriskMatch1.4.26rc1
ORdigiumasteriskMatch1.4.26rc2
ORdigiumasteriskMatch1.4.26rc3
ORdigiumasteriskMatch1.4.26rc4
ORdigiumasteriskMatch1.4.26rc5
ORdigiumasteriskMatch1.4.26rc6
ORdigiumasteriskMatch1.4.26.1
ORdigiumasteriskMatch1.4.26.2
ORdigiumasteriskMatch1.4.26.3
ORdigiumasteriskMatch1.4.27
ORdigiumasteriskMatch1.4.27rc1
ORdigiumasteriskMatch1.4.27rc2
ORdigiumasteriskMatch1.4.27rc3
ORdigiumasteriskMatch1.4.27rc4
ORdigiumasteriskMatch1.4.27rc5
ORdigiumasteriskMatch1.4.27.1
ORdigiumasteriskMatch1.4.28
ORdigiumasteriskMatch1.4.28rc1
ORdigiumasteriskMatch1.4.29
ORdigiumasteriskMatch1.4.29rc1
ORdigiumasteriskMatch1.4.29.1
ORdigiumasteriskMatch1.4.30
ORdigiumasteriskMatch1.4.30rc2
ORdigiumasteriskMatch1.4.30rc3
ORdigiumasteriskMatch1.4.31
ORdigiumasteriskMatch1.4.31rc1
ORdigiumasteriskMatch1.4.31rc2
ORdigiumasteriskMatch1.4.32
ORdigiumasteriskMatch1.4.32rc1
ORdigiumasteriskMatch1.4.33
ORdigiumasteriskMatch1.4.33rc1
ORdigiumasteriskMatch1.4.33rc2
ORdigiumasteriskMatch1.4.33.1
ORdigiumasteriskMatch1.4.34
ORdigiumasteriskMatch1.4.34rc1
ORdigiumasteriskMatch1.4.34rc2
ORdigiumasteriskMatch1.4.35
ORdigiumasteriskMatch1.4.35rc1
ORdigiumasteriskMatch1.4.36
ORdigiumasteriskMatch1.4.36rc1
ORdigiumasteriskMatch1.4.37
ORdigiumasteriskMatch1.4.37rc1
ORdigiumasteriskMatch1.4.38
ORdigiumasteriskMatch1.4.38rc1
ORdigiumasteriskMatch1.4.39
ORdigiumasteriskMatch1.4.39rc1
ORdigiumasteriskMatch1.4.39.1
Node
digiumasteriskMatch1.6.2.0
ORdigiumasteriskMatch1.6.2.0rc2
ORdigiumasteriskMatch1.6.2.0rc3
ORdigiumasteriskMatch1.6.2.0rc4
ORdigiumasteriskMatch1.6.2.0rc5
ORdigiumasteriskMatch1.6.2.0rc6
ORdigiumasteriskMatch1.6.2.0rc7
ORdigiumasteriskMatch1.6.2.0rc8
ORdigiumasteriskMatch1.6.2.1
ORdigiumasteriskMatch1.6.2.1rc1
ORdigiumasteriskMatch1.6.2.2
ORdigiumasteriskMatch1.6.2.3rc2
ORdigiumasteriskMatch1.6.2.4
ORdigiumasteriskMatch1.6.2.5
ORdigiumasteriskMatch1.6.2.6
ORdigiumasteriskMatch1.6.2.6rc1
ORdigiumasteriskMatch1.6.2.6rc2
ORdigiumasteriskMatch1.6.2.15rc1
ORdigiumasteriskMatch1.6.2.16
ORdigiumasteriskMatch1.6.2.16rc1
ORdigiumasteriskMatch1.6.2.16.1
Node
digiumasteriskMatch1.8.0
ORdigiumasteriskMatch1.8.0beta1
ORdigiumasteriskMatch1.8.0beta2
ORdigiumasteriskMatch1.8.0beta3
ORdigiumasteriskMatch1.8.0beta4
ORdigiumasteriskMatch1.8.0beta5
ORdigiumasteriskMatch1.8.0rc2
ORdigiumasteriskMatch1.8.0rc3
ORdigiumasteriskMatch1.8.0rc4
ORdigiumasteriskMatch1.8.0rc5
ORdigiumasteriskMatch1.8.1
ORdigiumasteriskMatch1.8.1rc1
ORdigiumasteriskMatch1.8.1.1
ORdigiumasteriskMatch1.8.1.2
ORdigiumasteriskMatch1.8.2
ORdigiumasteriskMatch1.8.2.1
ORdigiumasteriskMatch1.8.2.2
ORdigiumasteriskMatch1.8.2.3
Node
digiumasteriskMatchc.1.0beta7business
ORdigiumasteriskMatchc.1.0beta8business
ORdigiumasteriskMatchc.1.6-business
ORdigiumasteriskMatchc.1.6.1-business
ORdigiumasteriskMatchc.1.6.2-business
ORdigiumasteriskMatchc.1.8.0-business
ORdigiumasteriskMatchc.1.8.1-business
ORdigiumasteriskMatchc.2.3-business
ORdigiumasteriskMatchc.3.0-business
ORdigiumasteriskMatchc.3.1.0-business
ORdigiumasteriskMatchc.3.1.1-business
ORdigiumasteriskMatchc.3.2.2-business
ORdigiumasteriskMatchc.3.2.3-business
ORdigiumasteriskMatchc.3.3.2-business
ORdigiumasteriskMatchc.3.6.2-business
Node
digiumasterisknowMatch1.5
ORdigiums800i
Node
digiumasteriskMatch1.6.1.0
ORdigiumasteriskMatch1.6.1.0rc2
ORdigiumasteriskMatch1.6.1.0rc3
ORdigiumasteriskMatch1.6.1.0rc4
ORdigiumasteriskMatch1.6.1.0rc5
ORdigiumasteriskMatch1.6.1.1
ORdigiumasteriskMatch1.6.1.2
ORdigiumasteriskMatch1.6.1.3rc1
ORdigiumasteriskMatch1.6.1.4
ORdigiumasteriskMatch1.6.1.5
ORdigiumasteriskMatch1.6.1.5rc1
ORdigiumasteriskMatch1.6.1.6
ORdigiumasteriskMatch1.6.1.7rc1
ORdigiumasteriskMatch1.6.1.7rc2
ORdigiumasteriskMatch1.6.1.8
ORdigiumasteriskMatch1.6.1.9
ORdigiumasteriskMatch1.6.1.10
ORdigiumasteriskMatch1.6.1.10rc1
ORdigiumasteriskMatch1.6.1.10rc2
ORdigiumasteriskMatch1.6.1.10rc3
ORdigiumasteriskMatch1.6.1.11
ORdigiumasteriskMatch1.6.1.12
ORdigiumasteriskMatch1.6.1.12rc1
ORdigiumasteriskMatch1.6.1.13
ORdigiumasteriskMatch1.6.1.13rc1
ORdigiumasteriskMatch1.6.1.14
ORdigiumasteriskMatch1.6.1.15rc2
ORdigiumasteriskMatch1.6.1.16
ORdigiumasteriskMatch1.6.1.17
ORdigiumasteriskMatch1.6.1.18
ORdigiumasteriskMatch1.6.1.18rc1
ORdigiumasteriskMatch1.6.1.18rc2
ORdigiumasteriskMatch1.6.1.19
ORdigiumasteriskMatch1.6.1.19rc1
ORdigiumasteriskMatch1.6.1.19rc2
ORdigiumasteriskMatch1.6.1.19rc3
ORdigiumasteriskMatch1.6.1.20
ORdigiumasteriskMatch1.6.1.20rc1
ORdigiumasteriskMatch1.6.1.20rc2
ORdigiumasteriskMatch1.6.1.21
References
downloads.asterisk.org/pub/security/AST-2011-002.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055030.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html
lists.fedoraproject.org/pipermail/package-announce/2011-March/055634.html
secunia.com/advisories/43429
secunia.com/advisories/43702
www.debian.org/security/2011/dsa-2225
www.openwall.com/lists/oss-security/2011/03/11/2
www.openwall.com/lists/oss-security/2011/03/11/8
www.securityfocus.com/bid/46474
www.securitytracker.com/id?1025101
www.vupen.com/english/advisories/2011/0635
Related
openvas
openvas
FreeBSD Ports: asterisk14
2011-03-05 00:00:00
Fedora Update for asterisk FEDORA-2011-2438
2011-03-15 00:00:00
Fedora Update for asterisk FEDORA-2011-2558
2011-03-15 00:00:00
nvd
nvd
CVE-2011-1147
2011-03-15 17:55:05
nessus
nessus
Asterisk main/udptl.c Buffer Overflows (AST-2011-002)
2011-02-23 00:00:00
Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)
2011-03-07 00:00:00
Fedora 14 : asterisk-1.6.2.17-1.fc14 (2011-2438)
2011-03-10 00:00:00
prion
prion
Heap overflow
2011-03-15 17:55:00
cvelist
cvelist
CVE-2011-1147
2011-03-15 17:00:00
ubuntucve
ubuntucve
CVE-2011-1147
2011-03-15 00:00:00
debiancve
debiancve
CVE-2011-1147
2011-03-15 17:55:05
osv
osv
asterisk - several
2011-04-25 00:00:00
debian
debian
[SECURITY] [DSA 2225-1] asterisk security update
2011-04-26 21:01:18
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.931 High
EPSS
Percentile
99.1%
Related for CVE-2011-1147