Product Asterisk Summary Resource exhaustion in Asterisk Manager Interface Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions if manager interface is accessible Severity Moderate Exploits Known No Reported On March 1, 2011 Reported By Blake Cornell Posted On March 16, 2011 Last Updated On March 14, 2011 Advisory Contact Terry Wilson Rapidly opening manager connections, sending invalid data, and Description closing the connection can cause Asterisk to exhaust available CPU and memory resources. The manager interface is disabled by default. Resolution Failed writes to manager clients are flagged and the connection closed. Affected Versions Product Release Series Asterisk Open Source 1.6.1.x All versions Asterisk Open Source 1.6.2.x All versions Asterisk Open Source 1.8.x All versions Corrected In Product Release Asterisk Open Source 1.6.1.23, 1.6.2.17.1, 1.8.3.1 Patches URL Branch http://downloads.asterisk.org/pub/security/AST-2011-003-1.6.1.diff 1.6.1 http://downloads.asterisk.org/pub/security/AST-2011-003-1.6.2.diff 1.6.2 http://downloads.asterisk.org/pub/security/AST-2011-003-1.8.diff 1.8 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-003.pdf and http://downloads.digium.com/pub/security/AST-2011-003.html Revision History Date Editor Revisions Made 2011-03-14 Terry Wilson Initial release