CVE-2011-1507

2011-04-2700:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25,
1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business
Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated
sessions to certain interfaces, which allows remote attackers to cause a
denial of service (file descriptor exhaustion and disk space exhaustion)
via a series of TCP connections.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchasterisk< 1:1.6.2.5-0ubuntu1.4UNKNOWN
ubuntu10.10noarchasterisk< 1:1.6.2.7-1ubuntu1.2UNKNOWN
ubuntu11.04noarchasterisk< 1:1.6.2.9-2ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	asterisk	< 1:1.6.2.5-0ubuntu1.4	UNKNOWN
ubuntu	10.10	noarch	asterisk	< 1:1.6.2.7-1ubuntu1.2	UNKNOWN
ubuntu	11.04	noarch	asterisk	< 1:1.6.2.9-2ubuntu2.1	UNKNOWN