Multiple Asterisk products OutofCall Message Denial of Service Vulnerability (CVE-2014-6610)
Release date:
Updated on:
Affected Systems:
Asterisk
Asterisk Open Source 12.x
Asterisk Open Source 11.x
Description:
Bugtraq id: 69962
CVE (CAN) ID: CVE-2014-6610
Asterisk is a free and open-source software that enables the Telephone User Switch (PBX) function.
Multiple Asterisk products have a remote denial of service vulnerability. Attackers can exploit this vulnerability to crash affected applications.
Install Asterisk In Ubuntu 12.10
<* Source: Philippe linders
Link: http://www.securityfocus.com/archive/1/533487
*>
Suggestion:
Vendor patch:
Asterisk
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://downloads.asterisk.org/pub/security/
Svn url Revision
Http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff (Asterisk)
11
Http://downloads.asterisk.org/pub/security/AST-2014-010-12.diff (Asterisk)
12
Http://downloads.asterisk.org/pub/security/AST-2014-010-11.6.diff (Certified)
Asterisk
11.6
Links https://issues.asterisk.org/jira/browse/ASTERISK-24301
This article permanently updates the link address: