Multiple Asterisk products OutofCall Message Denial of Service Vulnerability (CVE-2014-6610)

Multiple Asterisk products OutofCall Message Denial of Service Vulnerability (CVE-2014-6610)

Release date:
Updated on:

Affected Systems:
Asterisk
Asterisk Open Source 12.x
Asterisk Open Source 11.x
Description:
Bugtraq id: 69962
CVE (CAN) ID: CVE-2014-6610

Asterisk is a free and open-source software that enables the Telephone User Switch (PBX) function.

Multiple Asterisk products have a remote denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications.

Install Asterisk In Ubuntu 12.10

<* Source: Philippe linders

Link: http://www.securityfocus.com/archive/1/533487
*>

Suggestion:
Vendor patch:

Asterisk
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://downloads.asterisk.org/pub/security/

Svn url Revision
Http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff (Asterisk)
11
Http://downloads.asterisk.org/pub/security/AST-2014-010-12.diff (Asterisk)
12
Http://downloads.asterisk.org/pub/security/AST-2014-010-11.6.diff (Certified)
Asterisk
11.6

Links https://issues.asterisk.org/jira/browse/ASTERISK-24301

This article permanently updates the link address: