ID: FEDORA:8FCFE1105E6
Type: fedora
Reporter: Fedora
Modified: 2010-04-01T01:38:49
Description
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.
{"id": "FEDORA:8FCFE1105E6", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 12 Update: asterisk-1.6.1.17-1.fc12", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "published": "2010-04-01T01:38:49", "modified": "2010-04-01T01:38:49", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2009-4055", "CVE-2010-0441"], "lastseen": "2020-12-21T08:17:49", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4055", "CVE-2010-0441"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800463", "OPENVAS:66574", "OPENVAS:861792", "OPENVAS:136141256231066574", "OPENVAS:1361412562310861843", "OPENVAS:1361412562310861792", "OPENVAS:136141256231066576", "OPENVAS:861843", "OPENVAS:66576", "OPENVAS:1361412562310100366"]}, {"type": "fedora", "idList": ["FEDORA:CD2F310F894", "FEDORA:8941410F85C", "FEDORA:64CE110FC07", "FEDORA:EFD3410F7E6"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10578", "SECURITYVULNS:VULN:10434", "SECURITYVULNS:DOC:23152", "SECURITYVULNS:DOC:22855"]}, {"type": "nessus", "idList": ["FEDORA_2010-3724.NASL", "FEDORA_2009-12517.NASL", "FEDORA_2010-3381.NASL", "FEDORA_2009-12506.NASL", "DEBIAN_DSA-1952.NASL", "GENTOO_GLSA-201006-20.NASL", "FEDORA_2009-12461.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201006-20"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1952-1:01A35"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}, "vulnersScore": 7.0}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "12", "arch": "any", "packageName": "asterisk", "packageVersion": 
"1.6.1.17", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-10-03T11:54:19", "description": "rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.", "edition": 3, "cvss3": {}, "published": "2009-12-02T11:30:00", "title": "CVE-2009-4055", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4055"], "modified": "2018-10-10T19:48:00", "id": "CVE-2009-4055", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4055", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2020-10-03T11:57:22", "description": "Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.", "edition": 3, "cvss3": {}, "published": "2010-02-04T20:15:00", "title": "CVE-2010-0441", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0441"], "modified": "2018-10-10T19:52:00", "id": "CVE-2010-0441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0441", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], 
"openvas": [{"lastseen": "2018-01-02T10:54:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2010-0441"], "description": "Check for the Version of asterisk", "modified": "2017-12-26T00:00:00", "published": "2010-04-06T00:00:00", "id": 
"OPENVAS:1361412562310861843", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861843", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2010-3381", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2010-3381\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"asterisk on Fedora 12\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038283.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861843\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3381\");\n script_cve_id(\"CVE-2009-4055\", \"CVE-2010-0441\");\n script_name(\"Fedora Update for asterisk FEDORA-2010-3381\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.17~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2010-0441"], "description": "Check for the Version of asterisk", "modified": "2017-12-13T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:861843", "href": "http://plugins.openvas.org/nasl.php?oid=861843", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2010-3381", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2010-3381\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"asterisk on Fedora 12\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038283.html\");\n script_id(861843);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3381\");\n script_cve_id(\"CVE-2009-4055\", \"CVE-2010-0441\");\n script_name(\"Fedora Update for asterisk FEDORA-2010-3381\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.17~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 
5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:17:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2010-0441", "CVE-2008-7220"], "description": "Check for the Version of asterisk", "modified": "2017-12-19T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:1361412562310861792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861792", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2010-3724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2010-3724\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"asterisk on Fedora 11\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861792\");\n script_version(\"$Revision: 8168 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 08:30:15 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3724\");\n script_cve_id(\"CVE-2009-4055\", \"CVE-2008-7220\", \"CVE-2010-0441\");\n script_name(\"Fedora Update for asterisk FEDORA-2010-3724\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.17~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not 
vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:10:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2010-0441", "CVE-2008-7220"], "description": "Check for the Version of asterisk", "modified": "2017-12-08T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:861792", "href": "http://plugins.openvas.org/nasl.php?oid=861792", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2010-3724", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2010-3724\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"asterisk on Fedora 11\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\");\n script_id(861792);\n script_version(\"$Revision: 8037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 07:32:03 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3724\");\n script_cve_id(\"CVE-2009-4055\", \"CVE-2008-7220\", \"CVE-2010-0441\");\n script_name(\"Fedora Update for asterisk FEDORA-2010-3724\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.17~1.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", 
"cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055"], "description": "Asterisk is prone to a remote denial-of-service vulnerability because\n it fails to properly handle malformed RTP comfort noise data.", "modified": "2016-12-30T00:00:00", "published": "2009-12-01T00:00:00", "id": "OPENVAS:1361412562310100366", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100366", "type": "openvas", "title": "Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: asterisk_37153.nasl 4887 2016-12-30 12:54:28Z cfi $\n#\n# Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:digium:asterisk';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100366\");\n script_version(\"$Revision: 4887 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-30 13:54:28 +0100 (Fri, 30 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-01 12:01:39 +0100 (Tue, 01 Dec 2009)\");\n script_bugtraq_id(37153);\n script_cve_id(\"CVE-2009-4055\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_asterisk_detect.nasl\");\n script_mandatory_keys(\"Asterisk-PBX/Ver\", \"Asterisk-PBX/Installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37153\");\n script_xref(name:\"URL\", value:\"http://www.asterisk.org/\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2009-010.html\");\n\n script_tag(name:\"solution\", value:\"Updates are available. 
Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"Asterisk is prone to a remote denial-of-service vulnerability because\n it fails to properly handle malformed RTP comfort noise data.\");\n\n script_tag(name:\"impact\", value:\"Successful exploits can crash the application, resulting in denial-of-\n service conditions for legitimate users.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) ) exit( 0 );\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif( version_in_range( version:version, test_version:\"1.6.1\", test_version2:\"1.6.1.10\" ) ||\n version_in_range( version:version, test_version:\"1.4.27\", test_version2:\"1.4.27.0\" ) ||\n version_in_range( version:version, test_version:\"1.2\", test_version2:\"1.2.36\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"See references\" );\n security_message( port:port, data:report, protocol:proto );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:38:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055"], "description": "The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12517.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:136141256231066576", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066576", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12517 (asterisk)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12517.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12517 (asterisk)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nChangeLog:\n\n* Mon Nov 30 2009 Jeffrey C. Ollie - 1.6.1.11-1\n- Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update asterisk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12517\";\ntag_summary = \"The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12517.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66576\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4055\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-12517 (asterisk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ais\", rpm:\"asterisk-ais~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-alsa\", rpm:\"asterisk-alsa~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"asterisk-apidoc\", rpm:\"asterisk-apidoc~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-curl\", rpm:\"asterisk-curl~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-dahdi\", rpm:\"asterisk-dahdi~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-devel\", rpm:\"asterisk-devel~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-fax\", rpm:\"asterisk-fax~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-festival\", rpm:\"asterisk-festival~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ices\", rpm:\"asterisk-ices~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jabber\", rpm:\"asterisk-jabber~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jack\", rpm:\"asterisk-jack~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap\", rpm:\"asterisk-ldap~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap-fds\", rpm:\"asterisk-ldap-fds~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-lua\", rpm:\"asterisk-lua~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-minivm\", rpm:\"asterisk-minivm~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-misdn\", rpm:\"asterisk-misdn~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-odbc\", rpm:\"asterisk-odbc~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"asterisk-oss\", rpm:\"asterisk-oss~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-portaudio\", rpm:\"asterisk-portaudio~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-postgresql\", rpm:\"asterisk-postgresql~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-radius\", rpm:\"asterisk-radius~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-skinny\", rpm:\"asterisk-skinny~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-snmp\", rpm:\"asterisk-snmp~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-sqlite\", rpm:\"asterisk-sqlite~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-tds\", rpm:\"asterisk-tds~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-unistim\", rpm:\"asterisk-unistim~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-usbradio\", rpm:\"asterisk-usbradio~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail\", rpm:\"asterisk-voicemail~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-imap\", rpm:\"asterisk-voicemail-imap~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-odbc\", rpm:\"asterisk-voicemail-odbc~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-plain\", rpm:\"asterisk-voicemail-plain~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-debuginfo\", 
rpm:\"asterisk-debuginfo~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055"], "description": "The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12517.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66576", "href": "http://plugins.openvas.org/nasl.php?oid=66576", "type": "openvas", "title": "Fedora Core 12 FEDORA-2009-12517 (asterisk)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12517.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12517 (asterisk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nChangeLog:\n\n* Mon Nov 30 2009 Jeffrey C. Ollie - 1.6.1.11-1\n- Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update asterisk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12517\";\ntag_summary = \"The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12517.\";\n\n\n\nif(description)\n{\n script_id(66576);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4055\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 12 FEDORA-2009-12517 (asterisk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ais\", rpm:\"asterisk-ais~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-alsa\", rpm:\"asterisk-alsa~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-apidoc\", rpm:\"asterisk-apidoc~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-curl\", rpm:\"asterisk-curl~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-dahdi\", rpm:\"asterisk-dahdi~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-devel\", rpm:\"asterisk-devel~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-fax\", rpm:\"asterisk-fax~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-festival\", rpm:\"asterisk-festival~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ices\", rpm:\"asterisk-ices~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jabber\", rpm:\"asterisk-jabber~1.6.1.11~1.fc12\", 
rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jack\", rpm:\"asterisk-jack~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap\", rpm:\"asterisk-ldap~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap-fds\", rpm:\"asterisk-ldap-fds~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-lua\", rpm:\"asterisk-lua~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-minivm\", rpm:\"asterisk-minivm~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-misdn\", rpm:\"asterisk-misdn~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-odbc\", rpm:\"asterisk-odbc~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-oss\", rpm:\"asterisk-oss~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-portaudio\", rpm:\"asterisk-portaudio~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-postgresql\", rpm:\"asterisk-postgresql~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-radius\", rpm:\"asterisk-radius~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-skinny\", rpm:\"asterisk-skinny~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-snmp\", rpm:\"asterisk-snmp~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-sqlite\", rpm:\"asterisk-sqlite~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-tds\", rpm:\"asterisk-tds~1.6.1.11~1.fc12\", 
rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-unistim\", rpm:\"asterisk-unistim~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-usbradio\", rpm:\"asterisk-usbradio~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail\", rpm:\"asterisk-voicemail~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-imap\", rpm:\"asterisk-voicemail-imap~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-odbc\", rpm:\"asterisk-voicemail-odbc~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-plain\", rpm:\"asterisk-voicemail-plain~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-debuginfo\", rpm:\"asterisk-debuginfo~1.6.1.11~1.fc12\", rls:\"FC12\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0441"], "description": "This host is running Asterisk and is prone to Denial of Service\n vulnerability.", "modified": "2019-03-01T00:00:00", "published": "2010-02-11T00:00:00", "id": "OPENVAS:1361412562310800463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800463", "type": "openvas", "title": "Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_asterisk_sip_sdp_dos_vuln.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# Asterisk T.38 Negotiation Remote Denial Of Service 
Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:digium:asterisk';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800463\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-11 16:37:59 +0100 (Thu, 11 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2010-0441\");\n script_bugtraq_id(38047);\n script_name(\"Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_asterisk_detect.nasl\");\n script_mandatory_keys(\"Asterisk-PBX/Ver\", \"Asterisk-PBX/Installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/38395\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/0289\");\n 
script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Feb/1023532.html\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2010-001.html\");\n script_xref(name:\"URL\", value:\"http://www.asterisk.org/downloads\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could result in a denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Asterisk version 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and\n 1.6.2.x before 1.6.2.2\");\n\n script_tag(name:\"insight\", value:\"The flaw is caused by an error when handling 'T.38 negotiations' over SIP with\n a negative or overly large value in the 'FaxMaxDatagram' field, or without any\n 'FaxMaxDatagram' field, which could allow attackers to crash a server.\");\n\n script_tag(name:\"summary\", value:\"This host is running Asterisk and is prone to Denial of Service\n vulnerability.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.6.0.22, 1.6.1.14, 1.6.2.2 or apply the patch from the linked\n references\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! 
infos = get_app_version_and_proto( cpe:CPE, port:port ) ) exit( 0 );\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif( version_in_range( version:version, test_version:\"1.6.2\", test_version2:\"1.6.2.1\" ) ||\n version_in_range( version:version, test_version:\"1.6.0\", test_version2:\"1.6.0.21\" ) ||\n version_in_range( version:version, test_version:\"1.6.1\", test_version2:\"1.6.1.13\" ) ) {\n report = report_fixed_ver( installed_version:version, fixed_version:\"1.6.0.22/1.6.1.14/1.6.2.2\" );\n security_message( port:port, data:report, protocol:proto );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2008-7220"], "description": "The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12506.", "modified": "2018-04-06T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:136141256231066574", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066574", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12506 (asterisk)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12506.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12506 (asterisk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nChangeLog:\n\n* Mon Nov 30 2009 Jeffrey C. Ollie - 1.6.1.11-1\n- Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update asterisk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12506\";\ntag_summary = \"The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12506.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66574\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4055\", \"CVE-2008-7220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-12506 (asterisk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ais\", rpm:\"asterisk-ais~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-alsa\", rpm:\"asterisk-alsa~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-apidoc\", rpm:\"asterisk-apidoc~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-curl\", rpm:\"asterisk-curl~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-dahdi\", rpm:\"asterisk-dahdi~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-devel\", rpm:\"asterisk-devel~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-fax\", rpm:\"asterisk-fax~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-festival\", rpm:\"asterisk-festival~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ices\", rpm:\"asterisk-ices~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jabber\", rpm:\"asterisk-jabber~1.6.1.11~1.fc11\", 
rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jack\", rpm:\"asterisk-jack~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap\", rpm:\"asterisk-ldap~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap-fds\", rpm:\"asterisk-ldap-fds~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-lua\", rpm:\"asterisk-lua~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-minivm\", rpm:\"asterisk-minivm~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-misdn\", rpm:\"asterisk-misdn~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-odbc\", rpm:\"asterisk-odbc~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-oss\", rpm:\"asterisk-oss~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-portaudio\", rpm:\"asterisk-portaudio~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-postgresql\", rpm:\"asterisk-postgresql~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-radius\", rpm:\"asterisk-radius~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-skinny\", rpm:\"asterisk-skinny~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-snmp\", rpm:\"asterisk-snmp~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-sqlite\", rpm:\"asterisk-sqlite~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-tds\", rpm:\"asterisk-tds~1.6.1.11~1.fc11\", 
rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-unistim\", rpm:\"asterisk-unistim~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-usbradio\", rpm:\"asterisk-usbradio~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail\", rpm:\"asterisk-voicemail~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-imap\", rpm:\"asterisk-voicemail-imap~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-odbc\", rpm:\"asterisk-voicemail-odbc~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-plain\", rpm:\"asterisk-voicemail-plain~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-debuginfo\", rpm:\"asterisk-debuginfo~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2008-7220"], "description": "The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12506.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66574", "href": "http://plugins.openvas.org/nasl.php?oid=66574", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-12506 (asterisk)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_12506.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-12506 (asterisk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 
E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nChangeLog:\n\n* Mon Nov 30 2009 Jeffrey C. Ollie - 1.6.1.11-1\n- Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update asterisk' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12506\";\ntag_summary = \"The remote host is missing an update to asterisk\nannounced via advisory FEDORA-2009-12506.\";\n\n\n\nif(description)\n{\n script_id(66574);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4055\", \"CVE-2008-7220\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-12506 (asterisk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ais\", rpm:\"asterisk-ais~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-alsa\", rpm:\"asterisk-alsa~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"asterisk-apidoc\", rpm:\"asterisk-apidoc~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-curl\", rpm:\"asterisk-curl~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-dahdi\", rpm:\"asterisk-dahdi~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-devel\", rpm:\"asterisk-devel~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-fax\", rpm:\"asterisk-fax~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-festival\", rpm:\"asterisk-festival~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ices\", rpm:\"asterisk-ices~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jabber\", rpm:\"asterisk-jabber~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-jack\", rpm:\"asterisk-jack~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap\", rpm:\"asterisk-ldap~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-ldap-fds\", rpm:\"asterisk-ldap-fds~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-lua\", rpm:\"asterisk-lua~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-minivm\", rpm:\"asterisk-minivm~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-misdn\", rpm:\"asterisk-misdn~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-odbc\", rpm:\"asterisk-odbc~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"asterisk-oss\", rpm:\"asterisk-oss~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-portaudio\", rpm:\"asterisk-portaudio~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-postgresql\", rpm:\"asterisk-postgresql~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-radius\", rpm:\"asterisk-radius~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-skinny\", rpm:\"asterisk-skinny~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-snmp\", rpm:\"asterisk-snmp~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-sqlite\", rpm:\"asterisk-sqlite~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-tds\", rpm:\"asterisk-tds~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-unistim\", rpm:\"asterisk-unistim~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-usbradio\", rpm:\"asterisk-usbradio~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail\", rpm:\"asterisk-voicemail~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-imap\", rpm:\"asterisk-voicemail-imap~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-odbc\", rpm:\"asterisk-voicemail-odbc~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-voicemail-plain\", rpm:\"asterisk-voicemail-plain~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"asterisk-debuginfo\", 
rpm:\"asterisk-debuginfo~1.6.1.11~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7220", "CVE-2009-4055", "CVE-2010-0441"], "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "modified": "2010-03-23T01:56:46", "published": "2010-03-23T01:56:46", "id": "FEDORA:64CE110FC07", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: asterisk-1.6.1.17-1.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4055"], "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "modified": "2009-12-22T04:56:57", "published": "2009-12-22T04:56:57", "id": "FEDORA:CD2F310F894", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: asterisk-1.6.1.11-1.fc12", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7220", "CVE-2009-4055"], "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. 
Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "modified": "2009-12-22T04:45:24", "published": "2009-12-22T04:45:24", "id": "FEDORA:EFD3410F7E6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: asterisk-1.6.1.11-1.fc11", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-7220", "CVE-2009-0041", "CVE-2009-4055"], "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "modified": "2009-12-11T18:23:16", "published": "2009-12-11T18:23:16", "id": "FEDORA:8941410F85C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: asterisk-1.6.0.19-1.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-4055"], "description": " Asterisk Project Security Advisory - AST-2009-010\r\n\r\n +------------------------------------------------------------------------+\r\n | Product | Asterisk |\r\n |----------------------+-------------------------------------------------|\r\n | Summary | RTP Remote Crash Vulnerability |\r\n |----------------------+-------------------------------------------------|\r\n | Nature of Advisory | Denial of Service |\r\n |----------------------+-------------------------------------------------|\r\n | Susceptibility | Remote unauthenticated sessions |\r\n |----------------------+-------------------------------------------------|\r\n | Severity | Critical |\r\n |----------------------+-------------------------------------------------|\r\n | Exploits 
Known | No |\r\n |----------------------+-------------------------------------------------|\r\n | Reported On | November 13, 2009 |\r\n |----------------------+-------------------------------------------------|\r\n | Reported By | issues.asterisk.org user amorsen |\r\n |----------------------+-------------------------------------------------|\r\n | Posted On | November 30, 2009 |\r\n |----------------------+-------------------------------------------------|\r\n | Last Updated On | November 30, 2009 |\r\n |----------------------+-------------------------------------------------|\r\n | Advisory Contact | David Vossel < dvossel AT digium DOT com > |\r\n |----------------------+-------------------------------------------------|\r\n | CVE Name | CVE-2009-4055 |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Description | An attacker sending a valid RTP comfort noise payload |\r\n | | containing a data length of 24 bytes or greater can |\r\n | | remotely crash Asterisk. |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Resolution | Upgrade to one of the versions of Asterisk listed in the |\r\n | | "Corrected In" section, or apply a patch specified in the |\r\n | | "Patches" section. 
|\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Affected Versions |\r\n |------------------------------------------------------------------------|\r\n | Product | Release Series | |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Open Source | 1.2.x | All versions |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Open Source | 1.4.x | All versions |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Open Source | 1.6.x | All versions |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Business Edition | B.x.x | All versions |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Business Edition | C.x.x | All versions |\r\n |----------------------------------+----------------+--------------------|\r\n | s800i (Asterisk Appliance) | 1.3.x | All versions |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Corrected In |\r\n |------------------------------------------------------------------------|\r\n | Product | Release |\r\n |---------------------------------------------+--------------------------|\r\n | Asterisk Open Source | 1.2.37 |\r\n |---------------------------------------------+--------------------------|\r\n | Asterisk Open Source | 1.4.27.1 |\r\n |---------------------------------------------+--------------------------|\r\n | Asterisk Open Source | 1.6.0.19 |\r\n |---------------------------------------------+--------------------------|\r\n | Asterisk Open Source | 1.6.1.11 |\r\n |---------------------------------------------+--------------------------|\r\n | Asterisk Business Edition | B.2.5.13 |\r\n 
|---------------------------------------------+--------------------------|\r\n | Asterisk Business Edition | C.2.4.6 |\r\n |---------------------------------------------+--------------------------|\r\n | Asterisk Business Edition | C.3.2.3 |\r\n |---------------------------------------------+--------------------------|\r\n | S800i (Asterisk Appliance) | 1.3.0.6 |\r\n +------------------------------------------------------------------------+\r\n\r\n +-----------------------------------------------------------------------------+\r\n | Patches |\r\n |-----------------------------------------------------------------------------|\r\n | Link |Branch|\r\n |----------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2009-010-1.2.diff.txt |1.2 |\r\n |----------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2009-010-1.4.diff.txt |1.4 |\r\n |----------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.0.diff.txt|1.6.0 |\r\n |----------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2009-010-1.6.1.diff.txt|1.6.1 |\r\n +-----------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Links | https://issues.asterisk.org/view.php?id=16242 |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Asterisk Project Security Advisories are posted at |\r\n | http://www.asterisk.org/security |\r\n | |\r\n | This document may be superseded by later versions; if so, the latest |\r\n | version will be posted at |\r\n | http://downloads.digium.com/pub/security/AST-2009-010.pdf and 
|\r\n | http://downloads.digium.com/pub/security/AST-2009-010.html |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Revision History |\r\n |------------------------------------------------------------------------|\r\n | Date | Editor | Revisions Made |\r\n |------------------+---------------------+-------------------------------|\r\n | 2009-09-03 | David Vossel | Initial release |\r\n +------------------------------------------------------------------------+\r\n\r\n Asterisk Project Security Advisory - AST-2009-010\r\n Copyright (c) 2009 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.", "edition": 1, "modified": "2009-12-01T00:00:00", "published": "2009-12-01T00:00:00", "id": "SECURITYVULNS:DOC:22855", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22855", "title": "AST-2009-010: RTP Remote Crash Vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-4055"], "description": "Crash on RTP comfort noise payload processing.", "edition": 1, "modified": "2009-12-01T00:00:00", "published": "2009-12-01T00:00:00", "id": "SECURITYVULNS:VULN:10434", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10434", "title": "Asterisk RTP DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2010-0441"], "description": " Asterisk Project Security Advisory - AST-2010-001\r\n\r\n +------------------------------------------------------------------------+\r\n | Product | Asterisk |\r\n 
|----------------------+-------------------------------------------------|\r\n | Summary | T.38 Remote Crash Vulnerability |\r\n |----------------------+-------------------------------------------------|\r\n | Nature of Advisory | Denial of Service |\r\n |----------------------+-------------------------------------------------|\r\n | Susceptibility | Remote unauthenticated sessions |\r\n |----------------------+-------------------------------------------------|\r\n | Severity | Critical |\r\n |----------------------+-------------------------------------------------|\r\n | Exploits Known | No |\r\n |----------------------+-------------------------------------------------|\r\n | Reported On | 12/03/09 |\r\n |----------------------+-------------------------------------------------|\r\n | Reported By | issues.asterisk.org users bklang and elsto |\r\n |----------------------+-------------------------------------------------|\r\n | Posted On | 02/03/10 |\r\n |----------------------+-------------------------------------------------|\r\n | Last Updated On | February 2, 2010 |\r\n |----------------------+-------------------------------------------------|\r\n | Advisory Contact | David Vossel < dvossel AT digium DOT com > |\r\n |----------------------+-------------------------------------------------|\r\n | CVE Name | CVE-2010-0441 |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Description | An attacker attempting to negotiate T.38 over SIP can |\r\n | | remotely crash Asterisk by modifying the FaxMaxDatagram |\r\n | | field of the SDP to contain either a negative or |\r\n | | exceptionally large value. The same crash occurs when |\r\n | | the FaxMaxDatagram field is omitted from the SDP as |\r\n | | well. 
|\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Resolution | Upgrade to one of the versions of Asterisk listed in the |\r\n | | "Corrected In" section, or apply a patch specified in the |\r\n | | "Patches" section. |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Affected Versions |\r\n |------------------------------------------------------------------------|\r\n | Product | Release Series | |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Open Source | 1.6.x | All versions |\r\n |----------------------------------+----------------+--------------------|\r\n | Asterisk Business Edition | C.3 | All versions |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Corrected In |\r\n |------------------------------------------------------------------------|\r\n | Product | Release |\r\n |------------------------------------------+-----------------------------|\r\n | Asterisk Open Source | 1.6.0.22 |\r\n |------------------------------------------+-----------------------------|\r\n | Asterisk Open Source | 1.6.1.14 |\r\n |------------------------------------------+-----------------------------|\r\n | Asterisk Open Source | 1.6.2.2 |\r\n |------------------------------------------+-----------------------------|\r\n | | C.3.3.2 |\r\n +------------------------------------------------------------------------+\r\n\r\n +-------------------------------------------------------------------------+\r\n | Patches |\r\n |-------------------------------------------------------------------------|\r\n | SVN URL |Branch|\r\n 
|------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff|v1.6.0|\r\n |------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff|v1.6.1|\r\n |------------------------------------------------------------------+------|\r\n |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff|v1.6.2|\r\n +-------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Links | https://issues.asterisk.org/view.php?id=16634 |\r\n | | |\r\n | | https://issues.asterisk.org/view.php?id=16724 |\r\n | | |\r\n | | https://issues.asterisk.org/view.php?id=16517 |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Asterisk Project Security Advisories are posted at |\r\n | http://www.asterisk.org/security |\r\n | |\r\n | This document may be superseded by later versions; if so, the latest |\r\n | version will be posted at |\r\n | http://downloads.digium.com/pub/security/.pdf and |\r\n | http://downloads.digium.com/pub/security/.html |\r\n +------------------------------------------------------------------------+\r\n\r\n +------------------------------------------------------------------------+\r\n | Revision History |\r\n |------------------------------------------------------------------------|\r\n | Date | Editor | Revisions Made |\r\n |----------------+----------------------+--------------------------------|\r\n | 02/02/10 | David Vossel | Initial release |\r\n +------------------------------------------------------------------------+\r\n\r\n Asterisk Project Security Advisory - AST-2010-001\r\n Copyright (c) 2010 Digium, Inc. 
All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.", "edition": 1, "modified": "2010-02-04T00:00:00", "published": "2010-02-04T00:00:00", "id": "SECURITYVULNS:DOC:23152", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23152", "title": "AST-2010-001: T.38 Remote Crash Vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-0441"], "description": "Integer overflow on T.38 over SIP FaxMaxDatagram field parsing.", "edition": 1, "modified": "2010-02-04T00:00:00", "published": "2010-02-04T00:00:00", "id": "SECURITYVULNS:VULN:10578", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10578", "title": "Asterisk integer overflow", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-12T10:07:00", "description": "Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2009-12-22T00:00:00", "title": "Fedora 11 : asterisk-1.6.1.11-1.fc11 (2009-12506)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055"], "modified": "2009-12-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2009-12506.NASL", "href": "https://www.tenable.com/plugins/nessus/43370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12506.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43370);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(37153);\n script_xref(name:\"FEDORA\", value:\"2009-12506\");\n\n script_name(english:\"Fedora 11 : asterisk-1.6.1.11-1.fc11 (2009-12506)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2009-010.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032925.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f279562\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"asterisk-1.6.1.11-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:00", "description": "Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2009-12-22T00:00:00", "title": "Fedora 12 : asterisk-1.6.1.11-1.fc12 (2009-12517)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055"], "modified": "2009-12-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2009-12517.NASL", "href": "https://www.tenable.com/plugins/nessus/43371", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12517.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43371);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(37153);\n script_xref(name:\"FEDORA\", value:\"2009-12517\");\n\n script_name(english:\"Fedora 12 : asterisk-1.6.1.11-1.fc12 (2009-12517)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2009-010.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032989.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?517f1011\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"asterisk-1.6.1.11-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:07:00", "description": "Update to 1.6.0.19 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2009-12-14T00:00:00", "title": "Fedora 10 : asterisk-1.6.0.19-1.fc10 (2009-12461)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055"], "modified": "2009-12-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2009-12461.NASL", "href": "https://www.tenable.com/plugins/nessus/43114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12461.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43114);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4055\");\n script_bugtraq_id(33174, 37153);\n script_xref(name:\"FEDORA\", value:\"2009-12461\");\n\n script_name(english:\"Fedora 10 : asterisk-1.6.0.19-1.fc10 (2009-12461)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.0.19 to fix AST-2009-010/CVE-2009-4055\nhttp://downloads.asterisk.org/pub/security/AST-2009-010.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2009-010.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032568.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?adeb809b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = 
eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"asterisk-1.6.0.19-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:08:39", "description": "Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can\ncompromise security * AST-2010-002: This security release is intended\nto raise awareness of how it is possible to insert malicious strings\ninto dialplans, and to advise developers to read the best practices\ndocuments so that they may easily avoid these dangers. * AST-2010-001:\nAn attacker attempting to negotiate T.38 over SIP can remotely crash\nAsterisk by modifying the FaxMaxDatagram field of the SDP to contain\neither a negative or exceptionally large value. The same crash occurs\nwhen the FaxMaxDatagram field is omitted from the SDP as well.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : asterisk-1.6.1.17-1.fc12 (2010-3381)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0441"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2010-3381.NASL", "href": "https://www.tenable.com/plugins/nessus/47311", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3381.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47311);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0441\");\n script_bugtraq_id(37153, 38047);\n script_xref(name:\"FEDORA\", value:\"2010-3381\");\n\n script_name(english:\"Fedora 12 : asterisk-1.6.1.17-1.fc12 (2010-3381)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can\ncompromise security * AST-2010-002: This security release is intended\nto raise awareness of how it is possible to insert malicious strings\ninto dialplans, and to advise developers to read the best practices\ndocuments so that they may easily avoid these dangers. * AST-2010-001:\nAn attacker attempting to negotiate T.38 over SIP can remotely crash\nAsterisk by modifying the FaxMaxDatagram field of the SDP to contain\neither a negative or exceptionally large value. 
The same crash occurs\nwhen the FaxMaxDatagram field is omitted from the SDP as well.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=561332\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/038283.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38419c6c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"asterisk-1.6.1.17-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:08:39", "description": "Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can\ncompromise security * AST-2010-002: This security release is intended\nto raise awareness of how it is possible to insert malicious strings\ninto dialplans, and to advise developers to read the best practices\ndocuments so that they may easily avoid these dangers. * AST-2010-001:\nAn attacker attempting to negotiate T.38 over SIP can remotely crash\nAsterisk by modifying the FaxMaxDatagram field of the SDP to contain\neither a negative or exceptionally large value. 
The same crash occurs\nwhen the FaxMaxDatagram field is omitted from the SDP as well.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : asterisk-1.6.1.17-1.fc11 (2010-3724)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1224", "CVE-2010-0685", "CVE-2010-0441"], "modified": "2010-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:11", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2010-3724.NASL", "href": "https://www.tenable.com/plugins/nessus/47325", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3724.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47325);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0441\", \"CVE-2010-0685\", \"CVE-2010-1224\");\n script_bugtraq_id(38047, 38314, 38424);\n script_xref(name:\"FEDORA\", value:\"2010-3724\");\n\n script_name(english:\"Fedora 11 : asterisk-1.6.1.17-1.fc11 (2010-3724)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can\ncompromise security * AST-2010-002: This security release is intended\nto raise awareness of how it is possible to insert malicious strings\ninto dialplans, and to advise developers to read the best practices\ndocuments so 
that they may easily avoid these dangers. * AST-2010-001:\nAn attacker attempting to negotiate T.38 over SIP can remotely crash\nAsterisk by modifying the FaxMaxDatagram field of the SDP to contain\neither a negative or exceptionally large value. The same crash occurs\nwhen the FaxMaxDatagram field is omitted from the SDP as well.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=561332\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bc3d35b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"asterisk-1.6.1.17-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:40", "description": "The remote host is affected by the vulnerability described in GLSA-201006-20\n(Asterisk: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in Asterisk:\n Nick Baggott reported that Asterisk does not properly process\n overly long ASCII strings in various packets (CVE-2009-2726).\n Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol\n implementation (CVE-2009-2346).\n amorsen reported an input\n processing error in the RTP 
protocol implementation\n (CVE-2009-4055).\n Patrik Karlsson reported an information\n disclosure flaw related to the REGISTER message (CVE-2009-3727).\n A vulnerability was found in the bundled Prototype JavaScript\n library, related to AJAX calls (CVE-2008-7220).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities by sending a\n specially crafted package, possibly causing a Denial of Service\n condition, or resulting in information disclosure.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2010-06-04T00:00:00", "title": "GLSA-201006-20 : Asterisk: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2009-3727", "CVE-2009-2726", "CVE-2009-2346", "CVE-2008-7220"], "modified": "2010-06-04T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:asterisk"], "id": "GENTOO_GLSA-201006-20.NASL", "href": "https://www.tenable.com/plugins/nessus/46809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201006-20.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46809);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-7220\", \"CVE-2009-2346\", \"CVE-2009-2726\", \"CVE-2009-3727\", \"CVE-2009-4055\");\n script_bugtraq_id(36015, 36275, 36926, 37153);\n script_xref(name:\"GLSA\", value:\"201006-20\");\n\n script_name(english:\"GLSA-201006-20 : Asterisk: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201006-20\n(Asterisk: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been reported in Asterisk:\n Nick Baggott reported that Asterisk does not properly process\n overly long ASCII strings in various packets (CVE-2009-2726).\n Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol\n implementation (CVE-2009-2346).\n amorsen reported an input\n processing error in the RTP protocol implementation\n (CVE-2009-4055).\n Patrik Karlsson reported an information\n disclosure flaw related to the REGISTER message (CVE-2009-3727).\n A vulnerability was found in the bundled Prototype JavaScript\n library, related to AJAX calls (CVE-2008-7220).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities by sending a\n specially crafted package, possibly causing a Denial of Service\n condition, or resulting in information disclosure.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201006-20\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Asterisk users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.37'\n NOTE: This is a legacy GLSA. Updates for all affected architectures are\n available since January 5, 2010. It is likely that your system is\n already no longer affected by this issue.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/asterisk\", unaffected:make_list(\"ge 1.2.37\"), vulnerable:make_list(\"lt 
1.2.37\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Asterisk\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T09:45:48", "description": "Several vulnerabilities have been discovered in asterisk, an Open\nSource PBX and telephony toolkit. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2009-0041\n It is possible to determine valid login names via\n probing, due to the IAX2 response from asterisk\n (AST-2009-001).\n\n - CVE-2008-3903\n It is possible to determine a valid SIP username, when\n Digest authentication and authalwaysreject are enabled\n (AST-2009-003).\n\n - CVE-2009-3727\n It is possible to determine a valid SIP username via\n multiple crafted REGISTER messages (AST-2009-008).\n\n - CVE-2008-7220 CVE-2007-2383\n It was discovered that asterisk contains an obsolete\n copy of the Prototype JavaScript framework, which is\n vulnerable to several security issues. This copy is\n unused and now removed from asterisk (AST-2009-009).\n\n - CVE-2009-4055\n It was discovered that it is possible to perform a\n denial of service attack via RTP comfort noise payload\n with a long data length (AST-2009-010).\n\nThe current version in oldstable is not supported by upstream anymore\nand is affected by several security issues. Backporting fixes for\nthese and any future issues has become unfeasible and therefore we\nneed to drop our security support for the version in oldstable. 
We\nrecommend that all asterisk users upgrade to the stable distribution\n(lenny).", "edition": 27, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1952-1 : asterisk - several vulnerabilities, end-of-life announcement in oldstable", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4055", "CVE-2009-3727", "CVE-2007-2383", "CVE-2008-7220", "CVE-2008-3903", "CVE-2009-0041"], "modified": "2010-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:asterisk"], "id": "DEBIAN_DSA-1952.NASL", "href": "https://www.tenable.com/plugins/nessus/44817", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1952. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44817);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2383\", \"CVE-2008-3903\", \"CVE-2008-7220\", \"CVE-2009-0041\", \"CVE-2009-3727\", \"CVE-2009-4055\");\n script_bugtraq_id(36926, 37153);\n script_xref(name:\"DSA\", value:\"1952\");\n\n script_name(english:\"Debian DSA-1952-1 : asterisk - several vulnerabilities, end-of-life announcement in oldstable\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in asterisk, an Open\nSource PBX and telephony toolkit. 
The Common Vulnerabilities and\nExposures project identifies the following problems :\n\n - CVE-2009-0041\n It is possible to determine valid login names via\n probing, due to the IAX2 response from asterisk\n (AST-2009-001).\n\n - CVE-2008-3903\n It is possible to determine a valid SIP username, when\n Digest authentication and authalwaysreject are enabled\n (AST-2009-003).\n\n - CVE-2009-3727\n It is possible to determine a valid SIP username via\n multiple crafted REGISTER messages (AST-2009-008).\n\n - CVE-2008-7220 CVE-2007-2383\n It was discovered that asterisk contains an obsolete\n copy of the Prototype JavaScript framework, which is\n vulnerable to several security issues. This copy is\n unused and now removed from asterisk (AST-2009-009).\n\n - CVE-2009-4055\n It was discovered that it is possible to perform a\n denial of service attack via RTP comfort noise payload\n with a long data length (AST-2009-010).\n\nThe current version in oldstable is not supported by upstream anymore\nand is affected by several security issues. Backporting fixes for\nthese and any future issues has become unfeasible and therefore we\nneed to drop our security support for the version in oldstable. 
We\nrecommend that all asterisk users upgrade to the stable distribution\n(lenny).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-3727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-7220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1952\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the asterisk packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:1.4.21.2~dfsg-3+lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits 
are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"asterisk\", reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"asterisk-config\", reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"asterisk-dbg\", reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"asterisk-dev\", reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"asterisk-doc\", reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"asterisk-h323\", reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"asterisk-sounds-main\", 
reference:\"1:1.4.21.2~dfsg-3+lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4055", "CVE-2009-3727", "CVE-2009-2726", "CVE-2009-2346", "CVE-2008-7220"], "edition": 1, "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit. \n\n### Description\n\nMultiple vulnerabilities have been reported in Asterisk: \n\n * Nick Baggott reported that Asterisk does not properly process overly long ASCII strings in various packets (CVE-2009-2726).\n * Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol implementation (CVE-2009-2346).\n * amorsen reported an input processing error in the RTP protocol implementation (CVE-2009-4055).\n * Patrik Karlsson reported an information disclosure flaw related to the REGISTER message (CVE-2009-3727).\n * A vulnerability was found in the bundled Prototype JavaScript library, related to AJAX calls (CVE-2008-7220).\n\n### Impact\n\nA remote attacker could exploit these vulnerabilities by sending a specially crafted package, possibly causing a Denial of Service condition, or resulting in information disclosure. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Asterisk users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.2.37\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since January 5, 2010. 
It is likely that your system is already no longer affected by this issue.", "modified": "2010-06-04T00:00:00", "published": "2010-06-04T00:00:00", "id": "GLSA-201006-20", "href": "https://security.gentoo.org/glsa/201006-20", "type": "gentoo", "title": "Asterisk: Multiple vulnerabilities", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:11:38", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4055", "CVE-2009-3727", "CVE-2007-2383", "CVE-2008-7220", "CVE-2008-3903", "CVE-2009-0041"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1952-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nDecember 15, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : asterisk \nVulnerability : several vulnerabilities\nProblem type : remote \nDebian-specific: no \nCVE ID : CVE-2009-0041 CVE-2008-3903 CVE-2009-3727 CVE-2008-7220 CVE-2009-4055 CVE-2007-2383\nDebian Bug : 513413 522528 554487 554486 559103 \n\n\nSeveral vulnerabilities have been discovered in asterisk, an Open Source\nPBX and telephony toolkit. The Common Vulnerabilities and Exposures \nproject identifies the following problems: \n\nCVE-2009-0041\n\nIt is possible to determine valid login names via probing, due to the\nIAX2 response from asterisk (AST-2009-001).\n\nCVE-2008-3903\n\nIt is possible to determine a valid SIP username, when Digest\nauthentication and authalwaysreject are enabled (AST-2009-003).\n\nCVE-2009-3727\n\nIt is possible to determine a valid SIP username via multiple crafted\nREGISTER messages (AST-2009-008).\n\nCVE-2008-7220 CVE-2007-2383\n\nIt was discovered that asterisk contains an obsolete copy of the\nPrototype JavaScript framework, which is vulnerable to several security\nissues. 
This copy is unused and now removed from asterisk\n(AST-2009-009).\n\nCVE-2009-4055\n\nIt was discovered that it is possible to perform a denial of service\nattack via RTP comfort noise payload with a long data length\n(AST-2009-010).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 1:1.4.21.2~dfsg-3+lenny1.\n\nThe security support for asterisk in the oldstable distribution (etch)\nhas been discontinued before the end of the regular Etch security\nmaintenance life cycle. You are strongly encouraged to upgrade to\nstable.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1:1.6.2.0~rc7-1.\n\n\nWe recommend that you upgrade your asterisk packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2009-12-15T13:06:53", "published": "2009-12-15T13:06:53", "id": "DEBIAN:DSA-1952-1:01A35", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00276.html", "title": "[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}