What is the severity of CVE-2011-1507?

CVE-2011-1507 is classified as a high severity vulnerability due to the potential for remote attackers to exhaust server resources.

How do I fix CVE-2011-1507?

To fix CVE-2011-1507, you should update to a patched version of Asterisk that limits unauthenticated connections and their duration.

Which versions of Asterisk are affected by CVE-2011-1507?

CVE-2011-1507 affects multiple versions of Asterisk, particularly those in the 1.4.x ranges up to 1.4.39.

What are the potential impacts of CVE-2011-1507?

The impacts of CVE-2011-1507 can include service disruption due to resource exhaustion, potentially leading to denial of service.

Is there a workaround for CVE-2011-1507?

A temporary workaround for CVE-2011-1507 is to implement network-level filtering to limit connections to vulnerable Asterisk interfaces.

Vulnerability/
CVE-2011-1507

medium

CWE

399

22/4/2011

27/4/2011

6/8/2024

CVE-2011-1507

First published: Fri Apr 22 2011(Updated: )

Asterisk did not limit the number of unauthenticated connections to vulnerable interfaces and did not limit the time unauthenticated clients remain connected to some interfaces. A remote attacker could open many subsequent connections to vulnerable Asterisk interfaces, leading to file descriptor resource exhaustion or possibly to disk space exhaustion (due Asterisk feature of logging failures to open new file descriptors into its log file). References: [1] <a href="http://downloads.asterisk.org/pub/security/AST-2011-005.html">http://downloads.asterisk.org/pub/security/AST-2011-005.html</a> Upstream patches: [2] <a href="http://downloads.asterisk.org/pub/security/AST-2011-005-1.4.diff">http://downloads.asterisk.org/pub/security/AST-2011-005-1.4.diff</a> (against v1.4 branch) [3] <a href="http://downloads.asterisk.org/pub/security/AST-2011-005-1.6.1.diff">http://downloads.asterisk.org/pub/security/AST-2011-005-1.6.1.diff</a> (against v1.6.1 branch) [4] <a href="http://downloads.asterisk.org/pub/security/AST-2011-005-1.6.2.diff">http://downloads.asterisk.org/pub/security/AST-2011-005-1.6.2.diff</a> (against v1.6.2 branch) [5] <a href="http://downloads.asterisk.org/pub/security/AST-2011-005-1.8.diff">http://downloads.asterisk.org/pub/security/AST-2011-005-1.8.diff</a> (against v1.8 branch)

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Asterisk	=1.4.37-rc1
Asterisk	=1.4.26.3
Asterisk	=1.4.22-rc3
Asterisk	=1.4.27-rc2
Asterisk	=1.4.36-rc1
Asterisk	=1.4.26-rc4
Asterisk	=1.4.28
Asterisk	=1.4.27-rc1
Asterisk	=1.4.27.1
Asterisk	=1.4.26-rc5
Asterisk	=1.4.0-beta4
Asterisk	=1.4.0-beta2
Asterisk	=1.4.35-rc1
Asterisk	=1.4.26.2
Asterisk	=1.4.19.2
Asterisk	=1.4.26.1
Asterisk	=1.4.20-rc1
Asterisk	=1.4.16
Asterisk	=1.4.3
Asterisk	=1.4.27-rc3
Asterisk	=1.4.19.1
Asterisk	=1.4.30
Asterisk	=1.4.38-rc1
Asterisk	=1.4.38
Asterisk	=1.4.33
Asterisk	=1.4.23-rc4
Asterisk	=1.4.22
Asterisk	=1.4.0
Asterisk	=1.4.32
Asterisk	=1.4.31-rc2
Asterisk	=1.4.22.2
Asterisk	=1.4.26-rc3
Asterisk	=1.4.33-rc1
Asterisk	=1.4.20
Asterisk	=1.4.39
Asterisk	=1.4.22.1
Asterisk	=1.4.39.2
Asterisk	=1.4.12.1
Asterisk	=1.4.2
Asterisk	=1.4.19
Asterisk	=1.4.29
Asterisk	=1.4.20-rc3
Asterisk	=1.4.18
Asterisk	=1.4.34
Asterisk	=1.4.21-rc2
Asterisk	=1.4.22-rc1
Asterisk	=1.4.40
Asterisk	=1.4.10
Asterisk	=1.4.35
Asterisk	=1.4.24.1
Asterisk	=1.4.10.1
Asterisk	=1.4.16.1
Asterisk	=1.4.19-rc4
Asterisk	=1.4.31
Asterisk	=1.4.33.1
Asterisk	=1.4.25-rc1
Asterisk	=1.4.25
Asterisk	=1.4.11
Asterisk	=1.4.23
Asterisk	=1.4.39.1
Asterisk	=1.4.26-rc2
Asterisk	=1.4.29-rc1
Asterisk	=1.4.22-rc2
Asterisk	=1.4.15
Asterisk	=1.4.34-rc2
Asterisk	=1.4.31-rc1
Asterisk	=1.4.28-rc1
Asterisk	=1.4.40-rc1
Asterisk	=1.4.19-rc3
Asterisk	=1.4.23-rc1
Asterisk	=1.4.27
Asterisk	=1.4.25.1
Asterisk	=1.4.34-rc1
Asterisk	=1.4.21.1
Asterisk	=1.4.19-rc2
Asterisk	=1.4.12
Asterisk	=1.4.37
Asterisk	=1.4.20-rc2
Asterisk	=1.4.19-rc1
Asterisk	=1.4.13
Asterisk	=1.4.21.2
Asterisk	=1.4.27-rc4
Asterisk	=1.4.33-rc2
Asterisk	=1.4.17
Asterisk	=1.4.40-rc2
Asterisk	=1.4.29.1
Asterisk	=1.4.23-rc2
Asterisk	=1.4.22-rc4
Asterisk	=1.4.22-rc5
Asterisk	=1.4.21-rc1
Asterisk	=1.4.26-rc1
Asterisk	=1.4.26-rc6
Asterisk	=1.4.1
Asterisk	=1.4.32-rc1
Asterisk	=1.4.39-rc1
Asterisk	=1.4.14
Asterisk	=1.4.20.1
Asterisk	=1.4.24
Asterisk	=1.4.0-beta1
Asterisk	=1.4.40-rc3
Asterisk	=1.4.24-rc1
Asterisk	=1.4.26
Asterisk	=1.4.16.2
Asterisk	=1.4.23.2
Asterisk	=1.4.27-rc5
Asterisk	=1.4.30-rc2
Asterisk	=1.4.23.1
Asterisk	=1.4.23-rc3
Asterisk	=1.4.30-rc3
Asterisk	=1.4.36
Asterisk	=1.4.0-beta3
Asterisk	=1.4.21
Asterisk	=1.6.2.16.2
Asterisk	=1.6.2.0-rc3
Asterisk	=1.6.2.0-rc2
Asterisk	=1.6.2.1
Asterisk	=1.6.2.0-rc4
Asterisk	=1.6.2.4
Asterisk	=1.6.2.6
Asterisk	=1.6.2.0-rc5
Asterisk	=1.6.2.0-rc7
Asterisk	=1.6.2.16-rc1
Asterisk	=1.6.2.17-rc1
Asterisk	=1.6.2.1-rc1
Asterisk	=1.6.2.16
Asterisk	=1.6.2.15-rc1
Asterisk	=1.6.2.17
Asterisk	=1.6.2.6-rc1
Asterisk	=1.6.2.17.1
Asterisk	=1.6.2.2
Asterisk	=1.6.2.0-rc8
Asterisk	=1.6.2.3-rc2
Asterisk	=1.6.2.17-rc3
Asterisk	=1.6.2.16.1
Asterisk	=1.6.2.0
Asterisk	=1.6.2.17-rc2
Asterisk	=1.6.2.5
Asterisk	=1.6.2.0-rc6
Asterisk	=1.6.2.6-rc2
Asterisk	=1.6.2.17.2
Asterisk	=1.8.3-rc3
Asterisk	=1.8.3
Asterisk	=1.8.2.4
Asterisk	=1.8.0-beta2
Asterisk	=1.8.3-rc1
Asterisk	=1.8.1
Asterisk	=1.8.1.2
Asterisk	=1.8.0-beta4
Asterisk	=1.8.0-rc5
Asterisk	=1.8.3.1
Asterisk	=1.8.0-beta3
Asterisk	=1.8.0-beta5
Asterisk	=1.8.3.2
Asterisk	=1.8.0-rc2
Asterisk	=1.8.3-rc2
Asterisk	=1.8.2.3
Asterisk	=1.8.2.1
Asterisk	=1.8.1-rc1
Asterisk	=1.8.0
Asterisk	=1.8.0-rc3
Asterisk	=1.8.1.1
Asterisk	=1.8.2
Asterisk	=1.8.2.2
Asterisk	=1.8.0-beta1
Asterisk	=1.8.0-rc4
Asterisk	=c.3.1.0
Asterisk	=c.1.8.1
Asterisk	=c.2.3
Asterisk	=c.3.6.2
Asterisk	=c.3.1.1
Asterisk	=c.3.2.2
Asterisk	=c.1.0-beta7
Asterisk	=c.1.8.0
Asterisk	=c.1.6.2
Asterisk	=c.3.0
Asterisk	=c.3.6.3
Asterisk	=c.3.2.3
Asterisk	=c.1.6.1
Asterisk	=c.1.0-beta8
Asterisk	=c.1.6
Asterisk	=c.3.3.2
Asterisk	=1.6.1.0-rc4
Asterisk	=1.6.1.8
Asterisk	=1.6.1.7-rc1
Asterisk	=1.6.1.5-rc1
Asterisk	=1.6.1.12
Asterisk	=1.6.1.0-rc5
Asterisk	=1.6.1.3-rc1
Asterisk	=1.6.1.15-rc2
Asterisk	=1.6.1.24
Asterisk	=1.6.1.18-rc1
Asterisk	=1.6.1.2
Asterisk	=1.6.1.19-rc2
Asterisk	=1.6.1.6
Asterisk	=1.6.1.5
Asterisk	=1.6.1.20-rc1
Asterisk	=1.6.1.0
Asterisk	=1.6.1.18-rc2
Asterisk	=1.6.1.14
Asterisk	=1.6.1.20-rc2
Asterisk	=1.6.1.10-rc2
Asterisk	=1.6.1.19
Asterisk	=1.6.1.12-rc1
Asterisk	=1.6.1.22
Asterisk	=1.6.1.11
Asterisk	=1.6.1.10-rc3
Asterisk	=1.6.1.20
Asterisk	=1.6.1.9
Asterisk	=1.6.1.19-rc3
Asterisk	=1.6.1.18
Asterisk	=1.6.1.17
Asterisk	=1.6.1.4
Asterisk	=1.6.1.10
Asterisk	=1.6.1.16
Asterisk	=1.6.1.7-rc2
Asterisk	=1.6.1.23
Asterisk	=1.6.1.0-rc2
Asterisk	=1.6.1.21
Asterisk	=1.6.1.0-rc3
Asterisk	=1.6.1.10-rc1
Asterisk	=1.6.1.19-rc1
Asterisk	=1.6.1.13
Asterisk	=1.6.1.13-rc1
Asterisk	=1.6.1.1
Asterisk	=c.3.6.3

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=698916

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1507?
CVE-2011-1507 is classified as a high severity vulnerability due to the potential for remote attackers to exhaust server resources.
How do I fix CVE-2011-1507?
To fix CVE-2011-1507, you should update to a patched version of Asterisk that limits unauthenticated connections and their duration.
Which versions of Asterisk are affected by CVE-2011-1507?
CVE-2011-1507 affects multiple versions of Asterisk, particularly those in the 1.4.x ranges up to 1.4.39.
What are the potential impacts of CVE-2011-1507?
The impacts of CVE-2011-1507 can include service disruption due to resource exhaustion, potentially leading to denial of service.
Is there a workaround for CVE-2011-1507?
A temporary workaround for CVE-2011-1507 is to implement network-level filtering to limit connections to vulnerable Asterisk interfaces.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/references
agent/remedy
agent/last-modified-date
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2011-1507
agent/trending
agent/source
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/tags
agent/softwarecombine
vendor/digium
canonical/asterisk
version/asterisk/1.4.37-rc1
version/asterisk/1.4.26.3
version/asterisk/1.4.22-rc3
version/asterisk/1.4.27-rc2
version/asterisk/1.4.36-rc1
version/asterisk/1.4.26-rc4
version/asterisk/1.4.28
version/asterisk/1.4.27-rc1
version/asterisk/1.4.27.1
version/asterisk/1.4.26-rc5
version/asterisk/1.4.0-beta4
version/asterisk/1.4.0-beta2
version/asterisk/1.4.35-rc1
version/asterisk/1.4.26.2
version/asterisk/1.4.19.2
version/asterisk/1.4.26.1
version/asterisk/1.4.20-rc1
version/asterisk/1.4.16
version/asterisk/1.4.3
version/asterisk/1.4.27-rc3
version/asterisk/1.4.19.1
version/asterisk/1.4.30
version/asterisk/1.4.38-rc1
version/asterisk/1.4.38
version/asterisk/1.4.33
version/asterisk/1.4.23-rc4
version/asterisk/1.4.22
version/asterisk/1.4.0
version/asterisk/1.4.32
version/asterisk/1.4.31-rc2
version/asterisk/1.4.22.2
version/asterisk/1.4.26-rc3
version/asterisk/1.4.33-rc1
version/asterisk/1.4.20
version/asterisk/1.4.39
version/asterisk/1.4.22.1
version/asterisk/1.4.39.2
version/asterisk/1.4.12.1
version/asterisk/1.4.2
version/asterisk/1.4.19
version/asterisk/1.4.29
version/asterisk/1.4.20-rc3
version/asterisk/1.4.18
version/asterisk/1.4.34
version/asterisk/1.4.21-rc2
version/asterisk/1.4.22-rc1
version/asterisk/1.4.40
version/asterisk/1.4.10
version/asterisk/1.4.35
version/asterisk/1.4.24.1
version/asterisk/1.4.10.1
version/asterisk/1.4.16.1
version/asterisk/1.4.19-rc4
version/asterisk/1.4.31
version/asterisk/1.4.33.1
version/asterisk/1.4.25-rc1
version/asterisk/1.4.25
version/asterisk/1.4.11
version/asterisk/1.4.23
version/asterisk/1.4.39.1
version/asterisk/1.4.26-rc2
version/asterisk/1.4.29-rc1
version/asterisk/1.4.22-rc2
version/asterisk/1.4.15
version/asterisk/1.4.34-rc2
version/asterisk/1.4.31-rc1
version/asterisk/1.4.28-rc1
version/asterisk/1.4.40-rc1
version/asterisk/1.4.19-rc3
version/asterisk/1.4.23-rc1
version/asterisk/1.4.27
version/asterisk/1.4.25.1
version/asterisk/1.4.34-rc1
version/asterisk/1.4.21.1
version/asterisk/1.4.19-rc2
version/asterisk/1.4.12
version/asterisk/1.4.37
version/asterisk/1.4.20-rc2
version/asterisk/1.4.19-rc1
version/asterisk/1.4.13
version/asterisk/1.4.21.2
version/asterisk/1.4.27-rc4
version/asterisk/1.4.33-rc2
version/asterisk/1.4.17
version/asterisk/1.4.40-rc2
version/asterisk/1.4.29.1
version/asterisk/1.4.23-rc2
version/asterisk/1.4.22-rc4
version/asterisk/1.4.22-rc5
version/asterisk/1.4.21-rc1
version/asterisk/1.4.26-rc1
version/asterisk/1.4.26-rc6
version/asterisk/1.4.1
version/asterisk/1.4.32-rc1
version/asterisk/1.4.39-rc1
version/asterisk/1.4.14
version/asterisk/1.4.20.1
version/asterisk/1.4.24
version/asterisk/1.4.0-beta1
version/asterisk/1.4.40-rc3
version/asterisk/1.4.24-rc1
version/asterisk/1.4.26
version/asterisk/1.4.16.2
version/asterisk/1.4.23.2
version/asterisk/1.4.27-rc5
version/asterisk/1.4.30-rc2
version/asterisk/1.4.23.1
version/asterisk/1.4.23-rc3
version/asterisk/1.4.30-rc3
version/asterisk/1.4.36
version/asterisk/1.4.0-beta3
version/asterisk/1.4.21
version/asterisk/1.6.2.16.2
version/asterisk/1.6.2.0-rc3
version/asterisk/1.6.2.0-rc2
version/asterisk/1.6.2.1
version/asterisk/1.6.2.0-rc4
version/asterisk/1.6.2.4
version/asterisk/1.6.2.6
version/asterisk/1.6.2.0-rc5
version/asterisk/1.6.2.0-rc7
version/asterisk/1.6.2.16-rc1
version/asterisk/1.6.2.17-rc1
version/asterisk/1.6.2.1-rc1
version/asterisk/1.6.2.16
version/asterisk/1.6.2.15-rc1
version/asterisk/1.6.2.17
version/asterisk/1.6.2.6-rc1
version/asterisk/1.6.2.17.1
version/asterisk/1.6.2.2
version/asterisk/1.6.2.0-rc8
version/asterisk/1.6.2.3-rc2
version/asterisk/1.6.2.17-rc3
version/asterisk/1.6.2.16.1
version/asterisk/1.6.2.0
version/asterisk/1.6.2.17-rc2
version/asterisk/1.6.2.5
version/asterisk/1.6.2.0-rc6
version/asterisk/1.6.2.6-rc2
version/asterisk/1.6.2.17.2
version/asterisk/1.8.3-rc3
version/asterisk/1.8.3
version/asterisk/1.8.2.4
version/asterisk/1.8.0-beta2
version/asterisk/1.8.3-rc1
version/asterisk/1.8.1
version/asterisk/1.8.1.2
version/asterisk/1.8.0-beta4
version/asterisk/1.8.0-rc5
version/asterisk/1.8.3.1
version/asterisk/1.8.0-beta3
version/asterisk/1.8.0-beta5
version/asterisk/1.8.3.2
version/asterisk/1.8.0-rc2
version/asterisk/1.8.3-rc2
version/asterisk/1.8.2.3
version/asterisk/1.8.2.1
version/asterisk/1.8.1-rc1
version/asterisk/1.8.0
version/asterisk/1.8.0-rc3
version/asterisk/1.8.1.1
version/asterisk/1.8.2
version/asterisk/1.8.2.2
version/asterisk/1.8.0-beta1
version/asterisk/1.8.0-rc4
version/asterisk/c.3.1.0
version/asterisk/c.1.8.1
version/asterisk/c.2.3
version/asterisk/c.3.6.2
version/asterisk/c.3.1.1
version/asterisk/c.3.2.2
version/asterisk/c.1.0-beta7
version/asterisk/c.1.8.0
version/asterisk/c.1.6.2
version/asterisk/c.3.0
version/asterisk/c.3.6.3
version/asterisk/c.3.2.3
version/asterisk/c.1.6.1
version/asterisk/c.1.0-beta8
version/asterisk/c.1.6
version/asterisk/c.3.3.2
version/asterisk/1.6.1.0-rc4
version/asterisk/1.6.1.8
version/asterisk/1.6.1.7-rc1
version/asterisk/1.6.1.5-rc1
version/asterisk/1.6.1.12
version/asterisk/1.6.1.0-rc5
version/asterisk/1.6.1.3-rc1
version/asterisk/1.6.1.15-rc2
version/asterisk/1.6.1.24
version/asterisk/1.6.1.18-rc1
version/asterisk/1.6.1.2
version/asterisk/1.6.1.19-rc2
version/asterisk/1.6.1.6
version/asterisk/1.6.1.5
version/asterisk/1.6.1.20-rc1
version/asterisk/1.6.1.0
version/asterisk/1.6.1.18-rc2
version/asterisk/1.6.1.14
version/asterisk/1.6.1.20-rc2
version/asterisk/1.6.1.10-rc2
version/asterisk/1.6.1.19
version/asterisk/1.6.1.12-rc1
version/asterisk/1.6.1.22
version/asterisk/1.6.1.11
version/asterisk/1.6.1.10-rc3
version/asterisk/1.6.1.20
version/asterisk/1.6.1.9
version/asterisk/1.6.1.19-rc3
version/asterisk/1.6.1.18
version/asterisk/1.6.1.17
version/asterisk/1.6.1.4
version/asterisk/1.6.1.10
version/asterisk/1.6.1.16
version/asterisk/1.6.1.7-rc2
version/asterisk/1.6.1.23
version/asterisk/1.6.1.0-rc2
version/asterisk/1.6.1.21
version/asterisk/1.6.1.0-rc3
version/asterisk/1.6.1.10-rc1
version/asterisk/1.6.1.19-rc1
version/asterisk/1.6.1.13
version/asterisk/1.6.1.13-rc1
version/asterisk/1.6.1.1

CVE-2011-1507

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1507?

How do I fix CVE-2011-1507?

Which versions of Asterisk are affected by CVE-2011-1507?

What are the potential impacts of CVE-2011-1507?

Is there a workaround for CVE-2011-1507?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-1507?

How do I fix CVE-2011-1507?

Which versions of Asterisk are affected by CVE-2011-1507?

What are the potential impacts of CVE-2011-1507?

Is there a workaround for CVE-2011-1507?