Vulnerability-Lookup

CNVD-2016-01319

Vulnerability from cnvd - Published: 2016-02-26

Title

Digium Asterisk Open Source拒绝服务漏洞

Description

Asterisk Open Source是美国Digium公司的开源电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source存在拒绝服务漏洞，允许远程攻击者通过向量与有关大重新传输超时值导致拒绝服务。

Severity

中

Patch Name

Digium Asterisk Open Source拒绝服务漏洞的补丁

Patch Description

Asterisk Open Source是美国Digium公司的开源电话交换机（PBX）系统软件。该软件支持语音信箱、多方语音会议、交互式语音应答(IVR)等。 Digium Asterisk Open Source存在拒绝服务漏洞，允许远程攻击者通过向量与有关大重新传输超时值导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://downloads.asterisk.org/pub/security/AST-2016-002.html

Reference

http://downloads.asterisk.org/pub/security/AST-2016-002.html

Impacted products

Name
['Digium Asterisk Open Source 1.8.x', 'Digium Asterisk Open Source 11.x(< 11.21.1)', 'Digium Asterisk Open Source 12.x', 'Digium Asterisk Open Source 13.x (< 13.7.1)', 'Digium Certified Asterisk 1.8.28', 'Digium Certified Asterisk 11.6(< 11.6-cert12)', 'Digium Certified Asterisk 13.1(< 13.1-cert3)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "82651"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2316"
    }
  },
  "description": "Asterisk Open Source\u662f\u7f8e\u56fdDigium\u516c\u53f8\u7684\u5f00\u6e90\u7535\u8bdd\u4ea4\u6362\u673a\uff08PBX\uff09\u7cfb\u7edf\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bed\u97f3\u4fe1\u7bb1\u3001\u591a\u65b9\u8bed\u97f3\u4f1a\u8bae\u3001\u4ea4\u4e92\u5f0f\u8bed\u97f3\u5e94\u7b54(IVR)\u7b49\u3002\r\n\r\nDigium Asterisk Open Source\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5411\u91cf\u4e0e\u6709\u5173\u5927\u91cd\u65b0\u4f20\u8f93\u8d85\u65f6\u503c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Alexander Traud",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://downloads.asterisk.org/pub/security/AST-2016-002.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01319",
  "openTime": "2016-02-26",
  "patchDescription": "Asterisk Open Source\u662f\u7f8e\u56fdDigium\u516c\u53f8\u7684\u5f00\u6e90\u7535\u8bdd\u4ea4\u6362\u673a\uff08PBX\uff09\u7cfb\u7edf\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bed\u97f3\u4fe1\u7bb1\u3001\u591a\u65b9\u8bed\u97f3\u4f1a\u8bae\u3001\u4ea4\u4e92\u5f0f\u8bed\u97f3\u5e94\u7b54(IVR)\u7b49\u3002\r\n\r\nDigium Asterisk Open Source\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5411\u91cf\u4e0e\u6709\u5173\u5927\u91cd\u65b0\u4f20\u8f93\u8d85\u65f6\u503c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Digium Asterisk Open Source\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Digium Asterisk Open Source 1.8.x",
      "Digium Asterisk Open Source 11.x(\u003c 11.21.1)",
      "Digium Asterisk Open Source 12.x",
      "Digium Asterisk Open Source 13.x (\u003c 13.7.1)",
      "Digium Certified Asterisk 1.8.28",
      "Digium Certified Asterisk 11.6(\u003c 11.6-cert12)",
      "Digium Certified Asterisk 13.1(\u003c 13.1-cert3)"
    ]
  },
  "referenceLink": "http://downloads.asterisk.org/pub/security/AST-2016-002.html",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-25",
  "title": "Digium Asterisk Open Source\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2016-2316 (GCVE-0-2016-2316)

Vulnerability from cvelistv5 – Published: 2016-02-22 15:05 – Updated: 2024-08-05 23:24

Summary

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/82651	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1034930	vdb-entryx_refsource_SECTRACK
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.debian.org/security/2016/dsa-3700	vendor-advisoryx_refsource_DEBIAN
	http://downloads.asterisk.org/pub/security/AST-20…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:24:48.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "82651",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82651"
          },
          {
            "name": "1034930",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034930"
          },
          {
            "name": "FEDORA-2016-3cc13611f4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
          },
          {
            "name": "FEDORA-2016-153eed2bb8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
          },
          {
            "name": "DSA-3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3700"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "82651",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/82651"
        },
        {
          "name": "1034930",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034930"
        },
        {
          "name": "FEDORA-2016-3cc13611f4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
        },
        {
          "name": "FEDORA-2016-153eed2bb8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
        },
        {
          "name": "DSA-3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3700"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "82651",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/82651"
            },
            {
              "name": "1034930",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034930"
            },
            {
              "name": "FEDORA-2016-3cc13611f4",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177409.html"
            },
            {
              "name": "FEDORA-2016-153eed2bb8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177422.html"
            },
            {
              "name": "DSA-3700",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3700"
            },
            {
              "name": "http://downloads.asterisk.org/pub/security/AST-2016-002.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.asterisk.org/pub/security/AST-2016-002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2316",
    "datePublished": "2016-02-22T15:05:00",
    "dateReserved": "2016-02-11T00:00:00",
    "dateUpdated": "2024-08-05T23:24:48.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2016-01319

CVE-2016-2316 (GCVE-0-2016-2316)

Tags

Sightings

Nomenclature