ID: CVE-2014-2287
Type: cve
Reporter: NVD
Modified: 2014-04-21T13:37:29
Description
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
{"securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2014-002\r\n\r\n Product Asterisk \r\n Summary Denial of Service Through File Descriptor Exhaustion \r\n with chan_sip Session-Timers \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Authenticated or Anonymous Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On 2014/02/25 \r\n Reported By Corey Farrell \r\n Posted On March 10, 2014 \r\n Last Updated On March 10, 2014 \r\n Advisory Contact Kinsey Moore <kmoore AT digium DOT com> \r\n CVE Name CVE-2014-2287 \r\n\r\n Description An attacker can use all available file descriptors using \r\n SIP INVITE requests. \r\n \r\n Knowledge required to achieve the attack: \r\n \r\n * Valid account credentials or anonymous dial in \r\n \r\n * A valid extension that can be dialed from the SIP account \r\n \r\n Trigger conditions: \r\n \r\n * chan_sip configured with "session-timers" set to \r\n "originate" or "accept" \r\n \r\n ** The INVITE request must contain either a Session-Expires \r\n or a Min-SE header with malformed values or values \r\n disallowed by the system's configuration. \r\n \r\n * chan_sip configured with "session-timers" set to "refuse" \r\n \r\n ** The INVITE request must offer "timer" in the "Supported" \r\n header \r\n \r\n Asterisk will respond with code 400, 420, or 422 for \r\n INVITEs meeting this criteria. Each INVITE meeting these \r\n conditions will leak a channel and several file \r\n descriptors. The file descriptors cannot be released \r\n without restarting Asterisk which may allow intrusion \r\n detection systems to be bypassed by sending the requests \r\n slowly. \r\n\r\n Resolution Upgrade to a version with the patch integrated or apply the \r\n appropriate patch. 
\r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x All \r\n Asterisk Open Source 11.x All \r\n Asterisk Open Source 12.x All \r\n Certified Asterisk 1.8.15 All \r\n Certified Asterisk 11.6 All \r\n\r\n Corrected In \r\n Product Release \r\n Asterisk Open Source 1.8.x 1.8.26.1 \r\n Asterisk Open Source 11.x 11.8.1 \r\n Asterisk Open Source 12.x 12.1.1 \r\n Certified Asterisk 1.8.15 1.8.15-cert5 \r\n Certified Asterisk 11.6 11.6-cert2 \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff Asterisk \r\n 1.8 \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-11.diff Asterisk \r\n 11 \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-12.diff Asterisk \r\n 12 \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-11.6.diff Asterisk \r\n 11.6 \r\n Certified \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.15.diff Asterisk \r\n 1.8.15 \r\n Certified \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-23373 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2014-002.pdf and \r\n http://downloads.digium.com/pub/security/AST-2014-002.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 2014/03/04 Kinsey Moore Document Creation \r\n 2014/03/06 Kinsey Moore Corrections and Wording Clarification \r\n 2014/03/10 Kinsey Moore Added missing patch links \r\n\r\n Asterisk Project Security Advisory - AST-2014-002\r\n Copyright (c) 2014 Digium, Inc. 
All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30354", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30354", "title": "AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers", "type": "securityvulns", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "description": "Buffer overflow, DoS.", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:VULN:13599", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13599", "title": "Asterisk multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:47", "bulletinFamily": "unix", "description": "Package : asterisk\nVersion : 1:1.8.13.1~dfsg1-3+deb7u6\nCVE ID : CVE-2014-2287\n\nBrad Barnett found that the recent security update of Asterisk could\ncause immediate SIP termination due to an incomplete fix for\nCVE-2014-2287.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-01-27T12:19:38", "published": "2017-01-27T12:19:38", "id": "DEBIAN:DLA-781-2:535E8", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00039.html", "title": "[SECURITY] [DLA 781-2] asterisk regression update", "type": "debian", "cvss": {"score": 3.5, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:48:46", "bulletinFamily": "unix", "description": "Package : asterisk\nVersion : 1:1.8.13.1~dfsg1-3+deb7u5\nCVE ID : CVE-2014-2287 CVE-2016-7551\nDebian Bug : 838832 741313\n\nTwo security vulnerabilities were discovered in Asterisk, an Open\nSource PBX and telephony toolkit.\n\nCVE-2014-2287\n\n channels/chan_sip.c in Asterisk when chan_sip has a certain\n configuration, allows remote authenticated users to cause a denial\n of service (channel and file descriptor consumption) via an INVITE\n request with a (1) Session-Expires or (2) Min-SE header with a\n malformed or invalid value.\n\nCVE-2016-7551\n\n The overlap dialing feature in chan_sip allows chan_sip to report\n to a device that the number that has been dialed is incomplete and\n more digits are required. If this functionality is used with a\n device that has performed username/password authentication RTP\n resources are leaked. This occurs because the code fails to release\n the old RTP resources before allocating new ones in this scenario.\n If all resources are used then RTP port exhaustion will occur and\n no RTP sessions are able to be set up.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.8.13.1~dfsg1-3+deb7u5.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-01-13T00:32:46", "published": "2017-01-13T00:32:46", "id": "DEBIAN:DLA-781-1:85351", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00013.html", "title": "[SECURITY] [DLA 781-1] asterisk security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:29:03", "bulletinFamily": 
"scanner", "description": "Brad Barnett found that the recent security update of Asterisk could cause immediate SIP termination due to an incomplete fix for CVE-2014-2287.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-09T00:00:00", "id": "DEBIAN_DLA-781.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96459", "published": "2017-01-13T00:00:00", "title": "Debian DLA-781-2 : asterisk regression update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-781-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96459);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2014-2287\");\n script_bugtraq_id(66094);\n\n script_name(english:\"Debian DLA-781-2 : asterisk regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brad Barnett found that the recent security update of Asterisk could\ncause immediate SIP termination due to an incomplete fix for\nCVE-2014-2287.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nNOTE: Tenable Network Security has extracted the preceding 
description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/asterisk\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-dahdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-ooh323\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-voicemail-imapstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-voicemail-odbcstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"asterisk\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-config\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dahdi\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dbg\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dev\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-doc\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", 
prefix:\"asterisk-mobile\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-modules\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mp3\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mysql\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-ooh323\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-imapstorage\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-odbcstorage\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA denial of service flaw exists with the SIP INVITE request handling. It is possible for a remote attacker to use all available file descriptors using SIP INVITE requests. These file descriptors cannot be released without restarting Asterisk, which could allow an attacker to bypass intrusion detection systems. 
\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ASTERISK_AST_2014_002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73020", "published": "2014-03-14T00:00:00", "title": "Asterisk SIP File Descriptor Exhaustion with chan_sip Session-Timers DoS (AST-2014-002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73020);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-2287\");\n script_bugtraq_id(66094);\n\n script_name(english:\"Asterisk SIP File Descriptor Exhaustion with chan_sip Session-Timers DoS (AST-2014-002)\");\n script_summary(english:\"Checks version in SIP banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. \n\nA denial of service flaw exists with the SIP INVITE request handling. \nIt is possible for a remote attacker to use all available file\ndescriptors using SIP INVITE requests. These file descriptors cannot be\nreleased without restarting Asterisk, which could allow an attacker to\nbypass intrusion detection systems. 
\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.26.1 / 11.8.1 / 12.1.1 / Certified Asterisk\n1.8.15-cert5 / 11.6-cert2, or apply the appropriate patch listed in\nthe Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933e282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-23373\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 1.8.x < 1.8.26.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.26.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11.x < 11.8.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.8.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");;\n }\n\n # Open Source 12.x < 12.1.1\n if (version =~ \"^12([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"12.1.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, 
app:\"asterisk\");;\n }\n\n # Asterisk Certified 1.8.15-certx < 1.8.15-cert5\n if (version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert5\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.6-certx < 11.6-cert2\n if (version =~ \"^11\\.6([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.6-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:04", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in asterisk :\n\nSending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. 
You could even exhaust memory if you sent an unlimited number of headers in the request (CVE-2014-2286).\n\nAn attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly (CVE-2014-2287).\n\nThe updated packages has been upgraded to the 11.8.1 version which is not vulnerable to these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2014-078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73582", "published": "2014-04-17T00:00:00", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:078. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73582);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"MDVSA\", value:\"2014:078\");\n\n script_name(english:\"Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nasterisk :\n\nSending a HTTP request that is handled by Asterisk with a large number\nof Cookie headers could overflow the stack. You could even exhaust\nmemory if you sent an unlimited number of headers in the request\n(CVE-2014-2286).\n\nAn attacker can use all available file descriptors using SIP INVITE\nrequests. Asterisk will respond with code 400, 420, or 422 for INVITEs\nmeeting this criteria. Each INVITE meeting these conditions will leak\na channel and several file descriptors. 
The file descriptors cannot be\nreleased without restarting Asterisk which may allow intrusion\ndetection systems to be bypassed by sending the requests slowly\n(CVE-2014-2287).\n\nThe updated packages has been upgraded to the 11.8.1 version which is\nnot vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.html\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.8.1-summary.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14c01017\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-cel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-fax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-festival\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-osp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64asteriskssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-addons-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-devel-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-firmware-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-gui-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-alsa-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-calendar-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-cel-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-corosync-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-curl-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-dahdi-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-fax-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"asterisk-plugins-festival-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ices-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jabber-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jack-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ldap-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-lua-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-minivm-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mobile-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mp3-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mysql-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ooh323-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-osp-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-oss-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pgsql-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pktccops-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-portaudio-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-radius-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"asterisk-plugins-saycountpl-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-skinny-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-snmp-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-speex-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-sqlite-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-tds-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-unistim-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-imap-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-plain-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64asteriskssl1-11.8.1-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:54", "bulletinFamily": "scanner", "description": "The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. 
An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the 'qualify_frequency' configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_03159886A8A311E38F360025905A4771.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72953", "published": "2014-03-12T00:00:00", "title": "FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72953);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP\nrequest that is handled by Asterisk with a large number of Cookie\nheaders could overflow the stack. 
You could even exhaust memory if you\nsent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip\nSession-Timers. An attacker can use all available file descriptors\nusing SIP INVITE requests. Asterisk will respond with code 400, 420,\nor 422 for INVITEs meeting this criteria. Each INVITE meeting these\nconditions will leak a channel and several file descriptors. The file\ndescriptors cannot be released without restarting Asterisk which may\nallow intrusion detection systems to be bypassed by sending the\nrequests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\nexploitable crash vulnerability exists in the PJSIP channel driver if\nthe 'qualify_frequency' configuration option is enabled on an AOR and\nthe remote SIP server challenges for authentication of the resulting\nOPTIONS request. The response handling code wrongly assumes that a\nPJSIP endpoint will always be associated with an outgoing request\nwhich is incorrect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43eb0eef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11<11.8.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18<1.8.26.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:58", "bulletinFamily": "scanner", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. 
The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. 
Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\n\nThe Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2014-3762.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73141", "published": "2014-03-22T00:00:00", "title": "Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3762.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73141);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"FEDORA\", value:\"2014-3762\");\n\n script_name(english:\"Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. 
The\navailable security releases are released as versions 1.8.15-cert5,\n11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of\n Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with\n a large number of Cookie headers could overflow the\n stack.\n\n Another vulnerability along similar lines is any HTTP\n request with a ridiculous number of headers in the\n request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers\n request\n\n This change allows chan_sip to avoid creation of the\n channel and consumption of associated file descriptors\n altogether if the inbound request is going to be\n rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses\n don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing\n request will always have an endpoint and makes the\n authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a\nvulnerability fixed in Asterisk 12.1.0. 
Users of Asterisk 12.0.0 are\nencouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2014-001, AST-2014-002,\nAST-2014-003, and AST-2014-004, which were released at the same time\nas this announcement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-12.1.1\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 3.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 4.pdf The Asterisk Development Team has announced the\n release of Asterisk 11.8.0. This release is available\n for immediate download at\n http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68336dff\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb290c2\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a9e33d8\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d221303\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd1dec6c\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52b913c8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"asterisk-11.8.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:58", "bulletinFamily": "scanner", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. 
The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. 
Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\n\nThe Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2014-3779.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73142", "published": "2014-03-22T00:00:00", "title": "Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3779.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73142);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"FEDORA\", value:\"2014-3779\");\n\n script_name(english:\"Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. 
The\navailable security releases are released as versions 1.8.15-cert5,\n11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of\n Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with\n a large number of Cookie headers could overflow the\n stack.\n\n Another vulnerability along similar lines is any HTTP\n request with a ridiculous number of headers in the\n request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers\n request\n\n This change allows chan_sip to avoid creation of the\n channel and consumption of associated file descriptors\n altogether if the inbound request is going to be\n rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses\n don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing\n request will always have an endpoint and makes the\n authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a\nvulnerability fixed in Asterisk 12.1.0. 
Users of Asterisk 12.0.0 are\nencouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2014-001, AST-2014-002,\nAST-2014-003, and AST-2014-004, which were released at the same time\nas this announcement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-12.1.1\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 3.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 4.pdf The Asterisk Development Team has announced the\n release of Asterisk 11.8.0. This release is available\n for immediate download at\n http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68336dff\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb290c2\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a9e33d8\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d221303\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd1dec6c\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7456a7c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"asterisk-11.8.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:08", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201405-05 (Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. 
Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-12T00:00:00", "id": "GENTOO_GLSA-201405-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73861", "published": "2014-05-05T00:00:00", "title": "GLSA-201405-05 : Asterisk: Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-05.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73861);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094, 66096, 66104);\n script_xref(name:\"GLSA\", value:\"201405-05\");\n\n script_name(english:\"GLSA-201405-05 : Asterisk: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-05\n(Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. 
Please review\n the CVE identifiers and Asterisk Project Security Advisories referenced\n below for details.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Asterisk 11.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-11.8.1'\n All Asterisk 1.8.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.26.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/asterisk\", unaffected:make_list(\"ge 11.8.1\", \"rge 1.8.26.1\"), vulnerable:make_list(\"lt 11.8.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:31:02", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-2287\r\n\r\nAsterisk is free, open-source software that implements private branch exchange (PBX) functionality.\r\n\r\nAsterisk has a vulnerability when handling specially crafted SIP INVITE requests: because file descriptors are not released correctly, a remote attacker can exploit it by submitting malicious requests that consume all available file descriptors, causing a denial of service.\n0\nAsterisk Open Source 
1.8.26.0\r\nAsterisk Open Source 11.8.0\r\nAsterisk Open Source 12.1.0\r\nCertified Asterisk 1.8.15-cert4\r\nCertified Asterisk 11.6-cert1\nVendor patch:\r\n\r\nAsterisk\r\n-----\r\nAsterisk Open Source 1.8.26.1, 11.8.1, 12.1.1 and Certified Asterisk 1.8.15-cert4, 11.6-cert1 have fixed this vulnerability; users are advised to download the update:\r\nhttp://www.asterisk.org/", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61784", "id": "SSV:61784", "title": "Asterisk SIP INVITE Request Handling Denial of Service Vulnerability", "type": "seebug", "sourceData": "", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "openvas": [{"lastseen": "2017-07-25T10:48:18", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2017-07-10T00:00:00", "published": "2014-03-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867628", "id": "OPENVAS:867628", "title": "Fedora Update for asterisk FEDORA-2014-3762", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3762\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867628);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:19:01 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3762\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3762\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:34", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2017-07-10T00:00:00", "published": "2014-03-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867624", "id": "OPENVAS:867624", "title": "Fedora Update for asterisk FEDORA-2014-3779", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3779\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867624);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:18:48 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3779\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3779\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:09", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2018-04-06T00:00:00", "published": "2014-03-25T00:00:00", "id": "OPENVAS:1361412562310867624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867624", "title": "Fedora Update for asterisk FEDORA-2014-3779", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3779\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867624\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:18:48 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3779\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3779\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:28", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2018-04-06T00:00:00", "published": "2014-03-25T00:00:00", "id": "OPENVAS:1361412562310867628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867628", "title": "Fedora Update for asterisk FEDORA-2014-3762", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3762\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867628\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:19:01 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3762\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3762\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:38:56", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201405-05", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121180", "title": "Gentoo Security Advisory GLSA 201405-05", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121180\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:07 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Asterisk. 
Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-05\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 11.8.1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 1.8.26.1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(), vulnerable: make_list(\"lt 11.8.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:51", "bulletinFamily": "unix", "description": "\nThe Asterisk project reports:\n\nStack Overflow in HTTP Processing of Cookie Headers. 
Sending a HTTP\n\t request that is handled by Asterisk with a large number of Cookie\n\t headers could overflow the stack. You could even exhaust memory if you\n\t sent an unlimited number of headers in the request.\nDenial of Service Through File Descriptor Exhaustion with chan_sip\n\t Session-Timers. An attacker can use all available file descriptors\n\t using SIP INVITE requests. Asterisk will respond with code 400, 420,\n\t or 422 for INVITEs meeting this criteria.\n\t Each INVITE meeting these conditions will leak a channel and several\n\t file descriptors. The file descriptors cannot be released without\n\t restarting Asterisk which may allow intrusion detection systems to be\n\t bypassed by sending the requests slowly.\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\n\t exploitable crash vulnerability exists in the PJSIP channel driver if\n\t the \"qualify_frequency\" configuration option is enabled on an AOR and\n\t the remote SIP server challenges for authentication of the resulting\n\t OPTIONS request. The response handling code wrongly assumes that a\n\t PJSIP endpoint will always be associated with an outgoing request which\n\t is incorrect.\n\n", "modified": "2014-03-10T00:00:00", "published": "2014-03-10T00:00:00", "id": "03159886-A8A3-11E3-8F36-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html", "title": "asterisk -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. 
\n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk 11.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.8.1\"\n \n\nAll Asterisk 1.8.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.26.1\"", "modified": "2014-05-03T00:00:00", "published": "2014-05-03T00:00:00", "id": "GLSA-201405-05", "href": "https://security.gentoo.org/glsa/201405-05", "type": "gentoo", "title": "Asterisk: Denial of Service", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}