Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Published

2011-01-20T19:00:08.600

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	digium	asterisk	< c.3.6.2	Yes
Application	digium	asterisk	≤ 1.2.40	Yes
Application	digium	asterisk	< 1.4.38.1	Yes
Application	digium	asterisk	< 1.4.39.1	Yes
Application	digium	asterisk	< 1.6.1.21	Yes
Application	digium	asterisk	< 1.6.2.15.1	Yes
Application	digium	asterisk	< 1.6.2.16.1	Yes
Application	digium	asterisk	< 1.8.1.2	Yes
Application	digium	asterisk	< 1.8.2.2	Yes
Application	digium	asterisknow	1.5	Yes
Operating System	fedoraproject	fedora	13	Yes
Operating System	fedoraproject	fedora	14	Yes
Operating System	debian	debian_linux	6.0	Yes
Operating System	digium	s800i_firmware	1.2.0	Yes
Hardware	digium	s800i	-	No

References

http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff Patch, Vendor Advisory ([email protected])
http://downloads.asterisk.org/pub/security/AST-2011-001.html Vendor Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html Third Party Advisory ([email protected])
http://osvdb.org/70518 Broken Link ([email protected])
http://secunia.com/advisories/42935 Third Party Advisory ([email protected])
http://secunia.com/advisories/43119 Third Party Advisory ([email protected])
http://secunia.com/advisories/43373 Third Party Advisory ([email protected])
http://www.debian.org/security/2011/dsa-2171 Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/515781/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/45839 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0159 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0281 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0449 Permissions Required ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831 Third Party Advisory, VDB Entry ([email protected])
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://downloads.asterisk.org/pub/security/AST-2011-001.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/70518 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42935 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43119 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43373 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2171 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/515781/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45839 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0159 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0281 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0449 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64831 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)