Executive Summary

Information
Name: CVE-2011-4063
First vendor Publication: 2011-10-21
Vendor: Cve
Last vendor Modification: 2018-10-09

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Cvss Base Score: 6.8
Attack Range: Network
Cvss Impact Score: 6.9
Attack Complexity: Low
Cvss Exploit Score: 8
Authentication: Requires single instance

Detail

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4063

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Type Description Count
Application 2

OpenVAS Exploits

Date Description
2012-04-02 Name : Fedora Update for asterisk FEDORA-2011-14480
File : nvt/gb_fedora_2011_14480_asterisk_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk)
File : nvt/glsa_201110_21.nasl
2011-11-11 Name : Fedora Update for asterisk FEDORA-2011-14538
File : nvt/gb_fedora_2011_14538_asterisk_fc15.nasl
0000-00-00 Name : FreeBSD Ports: asterisk18
File : nvt/freebsd_asterisk181.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76784 Asterisk SIP Channel Driver chan_sip.c Uninitialized Variable Request Parsing...

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk channel driver denial of service attempt
RuleID : 21103 - Revision : 4 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk channel driver denial of service attempt
RuleID : 21102 - Revision : 4 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk channel driver denial of service attempt
RuleID : 21101 - Revision : 7 - Type : PROTOCOL-VOIP

Nessus® Vulnerability Scanner

Date Description
2011-11-22 Name : A telephony application running on the remote host is affected by a denial of...
File : asterisk_ast_2011_012.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14480.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14538.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-21.nasl - Type : ACT_GATHER_INFO
2011-10-18 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a95092a6f8f111e0a7ea00215c6a37bb.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/50177
BUGTRAQ http://www.securityfocus.com/archive/1/520141/100/0/threaded
CONFIRM http://downloads.digium.com/pub/security/AST-2011-012.html
SECTRACK http://www.securitytracker.com/id?1026191
SECUNIA http://secunia.com/advisories/46420
SREASON http://securityreason.com/securityalert/8478
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/70706

Alert History

Date Information
2021-05-04 12:17:45
  • Multiple Updates
2021-04-22 01:21:03
  • Multiple Updates
2020-05-23 00:32:06
  • Multiple Updates
2018-10-10 00:19:45
  • Multiple Updates
2017-08-29 09:23:35
  • Multiple Updates
2016-04-26 21:11:55
  • Multiple Updates
2014-02-17 11:05:54
  • Multiple Updates
2014-01-19 21:28:11
  • Multiple Updates
2013-05-10 23:10:01
  • Multiple Updates