CVE-2011-1507 Information
Description
Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3, and Asterisk Business Edition C.x.x before C.3.6.4, do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.
Reference
http://downloads.digium.com/pub/security/AST-2011-005.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
http://secunia.com/advisories/44197
http://secunia.com/advisories/44529
http://securitytracker.com/id?1025432
http://www.debian.org/security/2011/dsa-2225
http://www.vupen.com/english/advisories/2011/1086
http://www.vupen.com/english/advisories/2011/1107
http://www.vupen.com/english/advisories/2011/1188
https://bugzilla.redhat.com/show_bug.cgi?id=698916