Candidate: CVE-2011-1175
PublicDate: 2011-03-31 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175
 http://downloads.asterisk.org/pub/security/AST-2011-004.html
Description:
 tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before
 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote
 attackers to cause a denial of service (NULL pointer dereference and daemon
 crash) by establishing many short TCP sessions to services that use a
 certain TLS API.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=688678
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_asterisk:
 upstream: http://downloads.asterisk.org/pub/security/AST-2011-004-1.6.2.diff
upstream_asterisk: released (1.6.1.24,1.6.2.17.2,1.8.3.2)
dapper_asterisk: ignored (reached end-of-life)
hardy_asterisk: ignored (reached end-of-life)
karmic_asterisk: ignored (reached end-of-life)
lucid_asterisk: released (1:1.6.2.5-0ubuntu1.4)
maverick_asterisk: released (1:1.6.2.7-1ubuntu1.2)
natty_asterisk: released (1:1.6.2.9-2ubuntu2.1)
devel_asterisk: not-affected (1:1.8.3.3-1ubuntu1)