Bug#618790: AST-2011-003: Resource exhaustion in Asterisk Manager Interface

Tzafrir Cohen tzafrir at debian.org
Fri Mar 18 14:14:20 UTC 2011


Package: asterisk
Version: 1:1.6.2.9-2+squeeze2
Justification: AST-2011-003: Resource exhaustion in Asterisk Manager Interface
Severity: serious
Tags: security patch upstream

Rapidly opening manager connections, sending invalid data, and closing the
connection can cause Asterisk to exhaust available CPU and memory resources.

The manager interface is disabled by default in upstream, but enabled
by default (listening on localhost only) in the version in Debian 5.0 (Lenny)
and 6.0 (Squeeze).

See also http://downloads.asterisk.org/pub/security/AST-2011-003.html

Patches are available in SVN (branches 'squeeze' and 'lenny-security').

-- 
Tzafrir Cohen         | tzafrir at jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir at cohens.org.il |                    |  best
tzafrir at debian.org    |                    | friend






More information about the Pkg-voip-maintainers mailing list