CVE-2011-2535: Asterisk Open Source versions before 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, as well as Asterisk Business Edition C.3 before C.3.7.3, are affected by a vulnerability in the IAX2 channel driver that allows remote attackers to cause a denial of service or potentially have other unspecified impacts via a crafted frame.

Description Preview

The vulnerability exists in the chan_iax2.c file in the IAX2 channel driver of Asterisk Open Source versions prior to 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, as well as Asterisk Business Edition C.3 before C.3.7.3. An attacker can exploit this vulnerability by sending a specially crafted frame to the affected system, which can result in a denial of service condition (daemon crash) or potentially lead to other unspecified impacts.

Overview

This vulnerability in the IAX2 channel driver of Asterisk Open Source and Asterisk Business Edition allows remote attackers to disrupt the normal operation of the affected systems, potentially leading to a denial of service or other adverse effects. The issue stems from improper handling of memory addresses contained in option control frames.

Remediation

To mitigate this vulnerability, it is recommended to upgrade to the patched versions of Asterisk Open Source (1.4.41.1, 1.6.2.18.1, 1.8.4.3) or Asterisk Business Edition (C.3.7.3) where the issue has been addressed. Additionally, network security best practices should be followed to minimize the risk of exploitation from external attackers.
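A version triage check built from the fixed releases listed above. This is an added example, not code from the advisory or the Asterisk project; the function name `triage` and the sample strings are constructed, and the input is assumed to be a version string such as the output of `asterisk -V`. Branches this page does not list are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases exactly as listed on this page, keyed by release branch.
FIXED = {"1.4": "1.4.41.1", "1.6.2": "1.6.2.18.1", "1.8": "1.8.4.3", "C.3": "C.3.7.3"}

# Open Source versions are dotted numbers; Business Edition versions start with "C.".
VERSION_RE = re.compile(r"\b(C\.\d+(?:\.\d+)*|\d+(?:\.\d+)+)(-[\w.]+)?")


def _key(version):
    """Numeric components of a dotted version (the Business Edition 'C' prefix is dropped)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def triage(banner):
    """Return 'affected', 'fixed' or 'unlisted' for a version string or banner."""
    match = VERSION_RE.search(banner)
    if not match:
        return "unlisted"
    version, suffix = match.group(1), match.group(2)
    for branch, fixed in FIXED.items():
        if version != branch and not version.startswith(branch + "."):
            continue
        have, want = _key(version), _key(fixed)
        width = max(len(have), len(want))
        have += (0,) * (width - len(have))   # 1.4.41 compares as 1.4.41.0
        want += (0,) * (width - len(want))
        # Assumption: a pre-release build of the fixed version ("-rc1") counts as unpatched.
        if have < want or (have == want and suffix):
            return "affected"
        return "fixed"
    return "unlisted"  # branch not named on this page; consult the vendor advisory


if __name__ == "__main__":
    # Constructed sample inputs, not taken from real hosts.
    for sample in ("Asterisk 1.8.4.2", "Asterisk 1.6.2.18.1", "Asterisk C.3.7.2", "1.6.1.25"):
        print(f"{sample!r}: {triage(sample)}")
```
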

Industry Exposure: Most to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Retail Trade
  2. Manufacturing
  3. Accommodation & Food Services
  4. Administrative, Support, Waste Management & Remediation Services
  5. Agriculture, Forestry Fishing & Hunting
  6. Arts, Entertainment & Recreation
  7. Construction
  8. Educational Services
  9. Finance and Insurance
  10. Health Care & Social Assistance
  11. Information
  12. Management of Companies & Enterprises
  13. Mining
  14. Other Services (except Public Administration)
  15. Professional, Scientific, & Technical Services
  16. Public Administration
  17. Real Estate Rental & Leasing
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database