Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2276-2
HistoryJul 10, 2011 - 12:00 a.m.

asterisk - multiple issues

2011-07-1000:00:00
Google
osv.dev
7

0.387 Low

EPSS

Percentile

97.3%

JSON

Paul Belanger reported a vulnerability in Asterisk identified as
AST-2011-008
(CVE-2011-2529)
through which an unauthenticated attacker may crash an Asterisk
server remotely. A package containing a NULL char causes the SIP header parser
to alter unrelated memory structures.

Jared Mauch reported a vulnerability in Asterisk identified as
AST-2011-009
through which an unauthenticated attacker may crash an Asterisk server remotely.
If a user sends a package with a Contact header with a missing left angle
bracket (<) the server will crash. A possible workaround is to disable chan_sip.

The vulnerability identified as
AST-2011-010
(CVE-2011-2535)
reported about an
input validation error in the IAX2 channel driver. An unauthenticated attacker
may crash an Asterisk server remotely by sending a crafted option control frame.

For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.21.2~dfsg-3+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 1.6.2.9-2+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 1:1.8.4.3-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.8.4.3-1.

We recommend that you upgrade your asterisk packages.

Related

nessus 5
debian 2
openvas 10
osv 1
freebsd 1
debiancve 2
nvd 2
ubuntucve 2
prion 2
cvelist 2
cve 2
gentoo 1
nessus
nessus
Debian DSA-2276-1 : asterisk - multiple denial of service
2011-07-12 00:00:00
Asterisk Multiple Channel Drivers Denial of Service (AST-2011-008 / AST-2011-009 / AST-2011-010)
2011-06-29 00:00:00
Fedora 14 : asterisk-1.6.2.19-1.fc14 (2011-8914)
2011-07-13 00:00:00
debian
debian
[SECURITY] [DSA 2276-2] asterisk regression update
2011-07-11 18:59:48
[SECURITY] [DSA 2276-1] asterisk security update
2011-07-10 15:17:03
openvas
openvas
Debian Security Advisory DSA 2276-1 (asterisk)
2011-08-03 00:00:00
Debian Security Advisory DSA 2276-2 (asterisk)
2011-08-03 00:00:00
Fedora Update for asterisk FEDORA-2011-8914
2011-07-18 00:00:00
osv
osv
asterisk - multiple issues
2011-07-10 00:00:00
freebsd
freebsd
Asterisk -- multiple vulnerabilities
2011-06-24 00:00:00
debiancve
debiancve
CVE-2011-2535
2011-07-06 19:55:03
CVE-2011-2529
2011-07-06 19:55:03
nvd
nvd
CVE-2011-2535
2011-07-06 19:55:03
CVE-2011-2529
2011-07-06 19:55:03
ubuntucve
ubuntucve
CVE-2011-2535
2011-07-06 00:00:00
CVE-2011-2529
2011-07-06 00:00:00
prion
prion
Design/Logic Flaw
2011-07-06 19:55:00
Memory corruption
2011-07-06 19:55:00
cvelist
cvelist
CVE-2011-2535
2011-07-06 19:00:00
CVE-2011-2529
2011-07-06 19:00:00
cve
cve
CVE-2011-2535
2011-07-06 19:55:03
CVE-2011-2529
2011-07-06 19:55:03
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2011-10-24 00:00:00

0.387 Low

EPSS

Percentile

97.3%

JSON
Related for OSV:DSA-2276-2
nessus5debian2openvas10osv1freebsd1debiancve2nvd2ubuntucve2prion2cvelist2cve2gentoo1