cnvd-2016-01319
Vulnerability from cnvd
Title
Digium Asterisk Open Source Denial-of-Service Vulnerability
Description
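Asterisk Open Source is open-source private branch exchange (PBX) software from Digium, a US company. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more.
A denial-of-service vulnerability exists in Digium Asterisk Open Source that allows remote attackers to cause a denial of service via vectors related to large retransmission timeout values.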
Severity
Medium
Patch Name
Patch for the Digium Asterisk Open Source denial-of-service vulnerability
Patch Description
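Asterisk Open Source is open-source private branch exchange (PBX) software from Digium, a US company. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more.
A denial-of-service vulnerability exists in Digium Asterisk Open Source that allows remote attackers to cause a denial of service via vectors related to large retransmission timeout values. The vendor has published a security advisory and related patch information that fix this vulnerability.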
Formal description
Users can obtain the patch to fix this vulnerability from the following vendor security advisory: http://downloads.asterisk.org/pub/security/AST-2016-002.html
Reference
http://downloads.asterisk.org/pub/security/AST-2016-002.html
Impacted products
| Name |
|---|
| Digium Asterisk Open Source 1.8.x |
| Digium Asterisk Open Source 11.x(< 11.21.1) |
| Digium Asterisk Open Source 12.x |
| Digium Asterisk Open Source 13.x (< 13.7.1) |
| Digium Certified Asterisk 1.8.28 |
| Digium Certified Asterisk 11.6(< 11.6-cert12) |
| Digium Certified Asterisk 13.1(< 13.1-cert3) |
{
"bids": {
"bid": {
"bidNumber": "82651"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-2316"
}
},
"description": "Asterisk Open Source\u662f\u7f8e\u56fdDigium\u516c\u53f8\u7684\u5f00\u6e90\u7535\u8bdd\u4ea4\u6362\u673a\uff08PBX\uff09\u7cfb\u7edf\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bed\u97f3\u4fe1\u7bb1\u3001\u591a\u65b9\u8bed\u97f3\u4f1a\u8bae\u3001\u4ea4\u4e92\u5f0f\u8bed\u97f3\u5e94\u7b54(IVR)\u7b49\u3002\r\n\r\nDigium Asterisk Open Source\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5411\u91cf\u4e0e\u6709\u5173\u5927\u91cd\u65b0\u4f20\u8f93\u8d85\u65f6\u503c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Alexander Traud",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://downloads.asterisk.org/pub/security/AST-2016-002.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01319",
"openTime": "2016-02-26",
"patchDescription": "Asterisk Open Source\u662f\u7f8e\u56fdDigium\u516c\u53f8\u7684\u5f00\u6e90\u7535\u8bdd\u4ea4\u6362\u673a\uff08PBX\uff09\u7cfb\u7edf\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u8bed\u97f3\u4fe1\u7bb1\u3001\u591a\u65b9\u8bed\u97f3\u4f1a\u8bae\u3001\u4ea4\u4e92\u5f0f\u8bed\u97f3\u5e94\u7b54(IVR)\u7b49\u3002\r\n\r\nDigium Asterisk Open Source\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5411\u91cf\u4e0e\u6709\u5173\u5927\u91cd\u65b0\u4f20\u8f93\u8d85\u65f6\u503c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Digium Asterisk Open Source\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Digium Asterisk Open Source 1.8.x",
"Digium Asterisk Open Source 11.x(\u003c 11.21.1)",
"Digium Asterisk Open Source 12.x",
"Digium Asterisk Open Source 13.x (\u003c 13.7.1)",
"Digium Certified Asterisk 1.8.28",
"Digium Certified Asterisk 11.6(\u003c 11.6-cert12)",
"Digium Certified Asterisk 13.1(\u003c 13.1-cert3)"
]
},
"referenceLink": "http://downloads.asterisk.org/pub/security/AST-2016-002.html",
"serverity": "\u4e2d",
"submitTime": "2016-02-25",
"title": "Digium Asterisk Open Source\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.