Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3964-1:27F1C
HistorySep 04, 2017 - 9:32 p.m.

[SECURITY] [DSA 3964-1] asterisk security update

2017-09-0421:32:18
lists.debian.org
11

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.961 High

EPSS

Percentile

99.5%

JSON

Debian Security Advisory DSA-3964-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 04, 2017 https://www.debian.org/security/faq

Package : asterisk
CVE ID : CVE-2017-14099 CVE-2017-14100

Multiple vulnerabilities have been discovered in Asterisk, an open source
PBX and telephony toolkit, which may result in disclosure of RTP
connections or the execution of arbitrary shell commands.

For additional information please refer to the upstream advisories:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
http://downloads.asterisk.org/pub/security/AST-2017-006.html

For the oldstable distribution (jessie), these problems have been fixed
in version 1:11.13.1~dfsg-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed in
version 1:13.14.1~dfsg-2+deb9u1.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipselasterisk-mobile-dbgsym< 1:13.14.1~dfsg-2+deb9u1asterisk-mobile-dbgsym_1:13.14.1~dfsg-2+deb9u1_mipsel.deb
Debian9amd64asterisk-mysql-dbgsym< 1:13.14.1~dfsg-2+deb9u1asterisk-mysql-dbgsym_1:13.14.1~dfsg-2+deb9u1_amd64.deb
Debian8armhfasterisk-dahdi< 1:11.13.1~dfsg-2+deb8u3asterisk-dahdi_1:11.13.1~dfsg-2+deb8u3_armhf.deb
Debian8mipselasterisk-vpb< 1:11.13.1~dfsg-2+deb8u3asterisk-vpb_1:11.13.1~dfsg-2+deb8u3_mipsel.deb
Debian8kfreebsd-i386asterisk< 1:11.13.1~dfsg-2+deb8u3asterisk_1:11.13.1~dfsg-2+deb8u3_kfreebsd-i386.deb
Debian9i386asterisk< 1:13.14.1~dfsg-2+deb9u1asterisk_1:13.14.1~dfsg-2+deb9u1_i386.deb
Debian9mipsasterisk-ooh323< 1:13.14.1~dfsg-2+deb9u1asterisk-ooh323_1:13.14.1~dfsg-2+deb9u1_mips.deb
Debian8kfreebsd-i386asterisk-mysql< 1:11.13.1~dfsg-2+deb8u3asterisk-mysql_1:11.13.1~dfsg-2+deb8u3_kfreebsd-i386.deb
Debian8amd64asterisk-dbg< 1:11.13.1~dfsg-2+deb8u3asterisk-dbg_1:11.13.1~dfsg-2+deb8u3_amd64.deb
Debian8armelasterisk-mobile< 1:11.13.1~dfsg-2+deb8u3asterisk-mobile_1:11.13.1~dfsg-2+deb8u3_armel.deb
Rows per page:
1-10 of 4141

Related

freebsd 2
openvas 4
nessus 7
osv 4
gentoo 1
cve 2
debian 1
checkpoint_advisories 2
nvd 2
cvelist 2
debiancve 2
prion 2
ubuntucve 2
freebsd
freebsd
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
2017-08-31 00:00:00
asterisk -- RTP/RTCP information leak
2017-09-01 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3964-1)
2017-09-03 00:00:00
Asterisk Multiple Vulnerabilities (Aug 2017)
2017-09-01 00:00:00
Debian: Security Advisory (DLA-1122-1)
2018-02-06 00:00:00
nessus
nessus
Debian DSA-3964-1 : asterisk - security update
2017-09-05 00:00:00
FreeBSD : asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm (c599f95c-8ee5-11e7-8be8-001999f8d30b)
2017-09-05 00:00:00
Asterisk 11.x < 11.25.2 / 11.6 < 11.6-cert17 / 13.x < 13.17.1 / 14.x < 14.6.1 / 13.13 < 13.13-cert5 Multiple Vulnerabilities (AST-2017-005 - AST-2017-007)
2017-09-05 00:00:00
osv
osv
asterisk - security update
2017-09-04 00:00:00
asterisk - security update
2017-10-05 00:00:00
CVE-2017-14100
2017-09-02 16:29:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2017-10-29 00:00:00
cve
cve
CVE-2017-14100
2017-09-02 16:29:00
CVE-2017-14099
2017-09-02 16:29:00
debian
debian
[SECURITY] [DLA 1122-1] asterisk security update
2017-10-05 13:03:23
checkpoint_advisories
checkpoint_advisories
Digium Asterisk RTP Stack Information Disclosure (CVE-2017-14099)
2017-09-28 00:00:00
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
2017-10-08 00:00:00
nvd
nvd
CVE-2017-14099
2017-09-02 16:29:00
CVE-2017-14100
2017-09-02 16:29:00
cvelist
cvelist
CVE-2017-14099
2017-09-02 16:00:00
CVE-2017-14100
2017-09-02 16:00:00
debiancve
debiancve
CVE-2017-14100
2017-09-02 16:29:00
CVE-2017-14099
2017-09-02 16:29:00
prion
prion
Design/Logic Flaw
2017-09-02 16:29:00
Command injection
2017-09-02 16:29:00
ubuntucve
ubuntucve
CVE-2017-14099
2017-09-02 00:00:00
CVE-2017-14100
2017-09-02 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.961 High

EPSS

Percentile

99.5%

JSON
Related for DEBIAN:DSA-3964-1:27F1C
freebsd2openvas4nessus7osv4gentoo1cve2debian1checkpoint_advisories2nvd2cvelist2debiancve2prion2ubuntucve2