Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD3C7D565A-6C64-11E0-813A-6C626DD55A41
HistoryApr 21, 2011 - 12:00 a.m.

Asterisk -- multiple vulnerabilities

2011-04-2100:00:00
vuxml.freebsd.org
14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

The Asterisk Development Team reports:

It is possible for a user of the Asterisk Manager Interface to
bypass a security check and execute shell commands when they
should not have that ability. Sending the “Async” header with
the “Application” header during an Originate action, allows
authenticated manager users to execute shell commands. Only
users with the “system” privilege should be able to do this.
On systems that have the Asterisk Manager Interface, Skinny, SIP
over TCP, or the built in HTTP server enabled, it is possible for
an attacker to open as many connections to asterisk as he wishes.
This will cause Asterisk to run out of available file descriptors
and stop processing any new calls. Additionally, disk space can
be exhausted as Asterisk logs failures to open new file
descriptors.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchasterisk14< 1.4.40.1UNKNOWN
FreeBSDanynoarchasterisk16< 1.6.2.17.3UNKNOWN
FreeBSDanynoarchasterisk18< 1.8.3.3UNKNOWN

Related

nessus 7
prion 1
openvas 10
securityvulns 2
ubuntucve 1
cve 1
debiancve 1
fedora 3
debian 1
osv 1
gentoo 1
nessus
nessus
FreeBSD : Asterisk -- multiple vulnerabilities (3c7d565a-6c64-11e0-813a-6c626dd55a41)
2011-04-22 00:00:00
Fedora 14 : asterisk-1.6.2.18-1.fc14 (2011-6225)
2011-05-17 00:00:00
Fedora 15 : asterisk-1.8.3.3-1.fc15 (2011-5835)
2011-04-27 00:00:00
prion
prion
Code injection
2011-04-27 00:55:00
openvas
openvas
FreeBSD Ports: asterisk14
2011-05-12 00:00:00
FreeBSD Ports: asterisk14
2011-05-12 00:00:00
Fedora Update for asterisk FEDORA-2011-6208
2011-05-10 00:00:00
securityvulns
securityvulns
Asterisk security vulnerabilities
2011-04-27 00:00:00
AST-2011-005: File Descriptor Resource Exhaustion
2011-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2011-1507
2011-04-27 00:00:00
cve
cve
CVE-2011-1507
2011-04-27 00:55:00
debiancve
debiancve
CVE-2011-1507
2011-04-27 00:55:00
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.3.3-1.fc15
2011-04-26 16:06:08
[SECURITY] Fedora 14 Update: asterisk-1.6.2.18-1.fc14
2011-05-17 01:05:44
[SECURITY] Fedora 13 Update: asterisk-1.6.2.18-1.fc13
2011-05-07 13:27:17
debian
debian
[SECURITY] [DSA 2225-1] asterisk security update
2011-04-26 21:18:08
osv
osv
asterisk - several
2011-04-25 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON
Related for 3C7D565A-6C64-11E0-813A-6C626DD55A41
nessus7prion1openvas10securityvulns2ubuntucve1cve1debiancve1fedora3debian1osv1gentoo1