CVE-2011-1174
Published: 2011-03-31
Priority: P4 · 23 · medium
CVSS 2.0: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 2.72% (84.2nd percentile)
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
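The two questions a practitioner asks about this entry are whether a given Asterisk build sits in one of the three affected ranges, and whether the Asterisk Manager Interface (AMI, TCP 5038 by default) is reachable at all, since the advisory text describes sessions that are opened, fed invalid data and closed, which means a strong manager secret is not a mitigation; only disabling AMI, binding it to loopback, or restricting who may connect reduces exposure until the fixed version is installed. The helper below is an added example, not code from the advisory, from Asterisk or from any distribution. It assumes the `core show version` banner begins `Asterisk <version> built by ...` and that the stock `manager.conf` defaults are `enabled = no` and `bindaddr = 0.0.0.0`; both sample configurations are constructed for the example.

```python
"""Triage helper for CVE-2011-1174 / AST-2011-003 (added example).

1. is_affected(): compare a version against the fixed release of its branch.
2. ami_exposure(): read manager.conf and report whether AMI is reachable
   beyond loopback, which is what the pre-auth DoS needs."""
import re

# Fixed versions per branch, taken from the CVE description.  Anything on the
# same branch below the fix is affected; branches not listed return None.
FIXED = {
    (1, 6, 1): (1, 6, 1, 24),
    (1, 6, 2): (1, 6, 2, 17, 2),
    (1, 8): (1, 8, 3, 2),
}


def parse_version(text):
    """'1.8.3.1' -> (1, 8, 3, 1).  Also accepts a Debian-style string such as
    '1:1.8.3.3-1' by dropping the epoch and the package revision."""
    text = text.strip().split(":", 1)[-1].split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(part) for part in text.split("."))


def version_from_banner(banner):
    """Extract the version from `asterisk -rx 'core show version'` output.
    Assumed format: 'Asterisk 1.8.3.1 built by ...'."""
    m = re.search(r"Asterisk\s+([0-9][0-9.]*)", banner)
    if not m:
        raise ValueError("no Asterisk version in banner")
    return m.group(1).rstrip(".")


def is_affected(version):
    """True/False for the three branches named in the CVE, None for any other
    branch (1.4.x, 10.x, ...) about which this CVE says nothing."""
    v = parse_version(version)
    for branch, fixed in FIXED.items():
        if v[: len(branch)] == branch:
            width = max(len(v), len(fixed))
            # Zero-pad so 1.6.2.17 compares as 1.6.2.17.0 < 1.6.2.17.2
            return v + (0,) * (width - len(v)) < fixed + (0,) * (width - len(fixed))
    return None


def parse_asterisk_conf(text):
    """Minimal reader for Asterisk's INI-like files: [section] headers,
    'key = value' or 'key => value' lines, ';' comments.  Repeated keys
    (deny/permit ACL lines) are kept in order, so each section is a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.lstrip(">").strip()))
    return sections


def ami_exposure(conf):
    """Return findings about how reachable AMI is; an empty list means the
    interface is disabled, or bound to loopback with an ACL on every user.
    Defaults (enabled=no, bindaddr=0.0.0.0) are assumed from manager.conf.sample."""
    general = dict(conf.get("general", []))
    findings = []
    if general.get("enabled", "no").lower() not in ("yes", "true", "1"):
        return findings  # AMI off: the vulnerable listener never runs
    bindaddr = general.get("bindaddr", "0.0.0.0")
    if bindaddr not in ("127.0.0.1", "::1"):
        findings.append("AMI enabled and bound to %s, not loopback" % bindaddr)
    for name, items in conf.items():
        if name != "general" and not any(k in ("deny", "permit") for k, _ in items):
            findings.append("manager user [%s] has no deny/permit ACL" % name)
    return findings


# Constructed sample configs (not from any real deployment).  Both leave AMI
# enabled; the hardened one only limits who can reach it.  The fix is the patch.
WEAK_CONF = """
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0          ; listens on every interface

[monitor]
secret = s3cret
read = system,call
"""

HARDENED_CONF = """
[general]
enabled = yes
port = 5038
bindaddr = 127.0.0.1        ; local clients only

[monitor]
secret = s3cret
deny = 0.0.0.0/0.0.0.0      ; deny all, then permit only the loopback host
permit = 127.0.0.1/255.255.255.255
read = system,call
"""

if __name__ == "__main__":
    v = version_from_banner("Asterisk 1.8.3.1 built by root @ pbx on a x86_64 running Linux")  # constructed
    print(v, "affected:", is_affected(v))
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, ami_exposure(parse_asterisk_conf(conf)) or "no exposure findings")
```

Run it against the real banner and `/etc/asterisk/manager.conf` on a host; a `None` from `is_affected` means the branch is outside this CVE's scope and should be checked against its own advisory rather than treated as safe.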
Affected
49 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:1.8.3.3-1 (bullseye) | asterisk 1:1.8.3.3-1 (bullseye) |
| digium | asterisk | — | — |

The 24 digium/asterisk entries in this listing (all rows but the Debian one) carry no version or fix data; only one is kept above. The affected ranges are those stated in the description.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
Debian
CVE-2011-1174: asterisk - manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2....
vendor_debian · 2011 · CVSS 5.0 (MEDIUM)
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
Scope: local
bullseye: resolved (fixed in 1:1.8.3.3-1)
sid: resolved (fixed in 1:1.8.3.3-1)
GHSA
GHSA-j5wq-5rfm-xx8g: manager
ghsa_unreviewed · 2022-05-17 · MEDIUM
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
OSV
CVE-2011-1174: manager
osv · 2011-03-31 · CVSS 5.0 (MEDIUM)
manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003)
bugzilla · 2011-03-17 · CVSS 5.0 (MEDIUM)
AST-2011-003 [1] describes a resource exhaustion flaw in the Asterisk Manager Interface. If manager connections were rapidly opened, sent invalid data, then closed, it could cause Asterisk to exhaust available CPU and memory resources. The Manager Interface is disabled by default. Versions 1.6.2.x and 1.8.x are affected, and 1.6.2.17.1 and 1.8.3.1 have been released to correct this flaw.
[1] http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
Discussion:
This is assigned CVE-2011-1174.
---
This is corrected via these builds that have the fixes from upstream:
Fedora-13: asterisk-1.6.2.18-1.fc13
Fedora-14: asterisk-1.6.2.18-1.fc14
Fedora-15: asterisk-1.8.3.3-1.fc15
Fedora-Rawhide: asterisk-1
References
- http://downloads.asterisk.org/pub/security/AST-2011-003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
- http://openwall.com/lists/oss-security/2011/03/17/5
- http://openwall.com/lists/oss-security/2011/03/21/12
- http://securitytracker.com/id?1025223
- http://www.debian.org/security/2011/dsa-2225
- http://www.securityfocus.com/bid/46897
- http://www.vupen.com/english/advisories/2011/0686
- http://www.vupen.com/english/advisories/2011/0790
- https://bugzilla.redhat.com/show_bug.cgi?id=688675
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66139