Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)
2014-03-14T00:00:00
ID ASTERISK_AST_2014_003.NASL Type nessus Reporter This script is Copyright (C) 2014-2022 Tenable Network Security, Inc. Modified 2022-04-11T00:00:00
Description
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability.
A flaw exists in the PJSIP channel driver when the 'quality_frequency' configuration is enabled on an AOR when the SIP server's challenges for authentication challenges of the 'OPTIONS' request. A remote attacker could use a specially crafted request to crash the program.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(73021);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2014-2288");
script_bugtraq_id(66104);
script_name(english:"Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)");
script_set_attribute(attribute:"synopsis", value:
"A telephony application running on the remote host is affected by a
denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by a denial of
service vulnerability.
A flaw exists in the PJSIP channel driver when the 'quality_frequency'
configuration is enabled on an AOR when the SIP server's challenges for
authentication challenges of the 'OPTIONS' request. A remote attacker
could use a specially crafted request to crash the program.
Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
# https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9933e282");
script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2014-003.html");
script_set_attribute(attribute:"see_also", value:"https://issues.asterisk.org/jira/browse/ASTERISK-23210");
script_set_attribute(attribute:"solution", value:
"Upgrade to Asterisk 12.1.1 or apply the appropriate patch listed in
the Asterisk advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/10");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:digium:asterisk");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");
script_dependencies("asterisk_detection.nasl");
script_require_keys("asterisk/sip_detected", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
get_kb_item_or_exit("asterisk/sip_detected");
# see if we were able to get version info from the Asterisk SIP services
asterisk_kbs = get_kb_list("sip/asterisk/*/version");
if (isnull(asterisk_kbs)) exit(1, "Could not obtain any version information from the Asterisk SIP instance(s).");
# Prevent potential false positives.
if (report_paranoia < 2) audit(AUDIT_PARANOID);
is_vuln = FALSE;
not_vuln_installs = make_list();
errors = make_list();
foreach kb_name (keys(asterisk_kbs))
{
vulnerable = 0;
matches = eregmatch(pattern:"/(udp|tcp)/([0-9]+)/version", string:kb_name);
if (isnull(matches))
{
errors = make_list(errors, "Unexpected error parsing port number from '"+kb_name+"'.");
continue;
}
proto = matches[1];
port = matches[2];
version = asterisk_kbs[kb_name];
if (version == 'unknown')
{
errors = make_list(errors, "Unable to obtain version of install on " + proto + "/" + port + ".");
continue;
}
banner = get_kb_item("sip/asterisk/" + proto + "/" + port + "/source");
if (!banner)
{
# We have version but banner is missing; log error
# and use in version-check though.
errors = make_list(errors, "KB item 'sip/asterisk/" + proto + "/" + port + "/source' is missing.");
banner = 'unknown';
}
# Open Source 12.x < 12.1.1
fixed = "12.1.1";
if (
version =~ "^12" &&
(ver_compare(ver:version, fix:fixed, app:"asterisk") == -1) &&
"cert" >!< tolower(version)
)
{
is_vuln = TRUE;
if (report_verbosity > 0)
{
report =
'\n Version source : ' + banner +
'\n Installed version : ' + version +
'\n Fixed version : ' + fixed + '\n';
security_warning(port:port, proto:proto, extra:report);
}
else security_warning(port:port, proto:proto);
}
else not_vuln_installs = make_list(not_vuln_installs, version + " on port " + proto + "/" + port);
}
if (max_index(errors))
{
if (max_index(errors) == 1) errmsg = errors[0];
else errmsg = 'Errors were encountered verifying installs : \n ' + join(errors, sep:'\n ');
exit(1, errmsg);
}
else
{
installs = max_index(not_vuln_installs);
if (installs == 0)
{
if (is_vuln)
exit(0);
else
audit(AUDIT_NOT_INST, "Asterisk");
}
else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, "Asterisk " + not_vuln_installs[0]);
else exit(0, "The Asterisk installs (" + join(not_vuln_installs, sep:", ") + ") are not affected.");
}
{"id": "ASTERISK_AST_2014_003.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA flaw exists in the PJSIP channel driver when the 'quality_frequency' configuration is enabled on an AOR when the SIP server's challenges for authentication challenges of the 'OPTIONS' request. A remote attacker could use a specially crafted request to crash the program. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2014-03-14T00:00:00", "modified": "2022-04-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/73021", "reporter": "This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.", "references": ["http://downloads.asterisk.org/pub/security/AST-2014-003.html", "https://issues.asterisk.org/jira/browse/ASTERISK-23210", "http://www.nessus.org/u?9933e282", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2288"], "cvelist": ["CVE-2014-2288"], "immutableFields": [], "lastseen": "2022-04-16T14:02:52", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2288"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2288"]}, {"type": "freebsd", "idList": ["03159886-A8A3-11E3-8F36-0025905A4771"]}, {"type": "gentoo", "idList": ["GLSA-201405-05"]}, {"type": "nessus", "idList": ["FEDORA_2014-3762.NASL", "FEDORA_2014-3779.NASL", "FREEBSD_PKG_03159886A8A311E38F360025905A4771.NASL", "GENTOO_GLSA-201405-05.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121180"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30355", "SECURITYVULNS:VULN:13599"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2288"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-2288"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-2288"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201405-05.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813197"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13599"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-2288"]}]}, "exploitation": null, "vulnersScore": 5.9}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "73021", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73021);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-2288\");\n script_bugtraq_id(66104);\n\n script_name(english:\"Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. \n\nA flaw exists in the PJSIP channel driver when the 'quality_frequency'\nconfiguration is enabled on an AOR when the SIP server's challenges for\nauthentication challenges of the 'OPTIONS' request. A remote attacker\ncould use a specially crafted request to crash the program. \n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n # https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933e282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-23210\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 12.1.1 or apply the appropriate patch listed in\nthe Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 12.x < 12.1.1\n fixed = \"12.1.1\";\n\n if (\n version =~ \"^12\" &&\n (ver_compare(ver:version, fix:fixed, app:\"asterisk\") == -1) &&\n \"cert\" >!< tolower(version)\n )\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "naslFamily": "Misc.", "cpe": ["cpe:/a:digium:asterisk"], "solution": "Upgrade to Asterisk 12.1.1 or apply the appropriate patch listed in the Asterisk advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2014-03-10T00:00:00", "vulnerabilityPublicationDate": "2014-03-10T00:00:00", "exploitableWith": []}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2014-003\r\n\r\n Product Asterisk \r\n Summary Remote Crash Vulnerability in PJSIP channel driver \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On January 29, 2014 \r\n Reported By Joshua Colp <jcolp AT digium DOT com> \r\n Posted On March 10, 2014 \r\n Last Updated On March 10, 2014 \r\n Advisory Contact Joshua Colp <jcolp AT digium DOT com> \r\n CVE Name CVE-2014-2288 \r\n\r\n Description A remotely exploitable crash vulnerability exists in the \r\n PJSIP channel driver if the "qualify_frequency" \r\n configuration option is enabled on an AOR and the remote \r\n SIP server challenges for authentication of the resulting \r\n OPTIONS request. The response handling code wrongly assumes \r\n that a PJSIP endpoint will always be associated with an \r\n outgoing request which is incorrect. \r\n\r\n Resolution This patch adds a check when handling responses challenging \r\n for authentication. If no endpoint is associated with the \r\n request no retry with authentication will occur. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 12.x All \r\n\r\n Corrected In \r\n Product Release \r\n Asterisk Open Source 12.x 12.1.1 \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff Asterisk \r\n 12 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-23210 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2014-003.pdf and \r\n http://downloads.digium.com/pub/security/AST-2014-003.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 03/05/14 Joshua Colp Document Creation \r\n\r\n Asterisk Project Security Advisory - AST-2014-003\r\n Copyright (c) 2014 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "edition": 1, "cvss3": {}, "published": "2014-03-13T00:00:00", "title": "AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-2288"], "modified": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30355", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:47:30", "description": "Buffer overflow, DoS.", "edition": 2, "cvss3": {}, "published": "2014-03-13T00:00:00", "title": "Asterisk multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "modified": "2014-03-13T00:00:00", "id": "SECURITYVULNS:VULN:13599", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13599", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T12:34:37", "description": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.", "cvss3": {}, "published": "2014-04-18T22:14:00", "type": "cve", "title": "CVE-2014-2288", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2288"], "modified": "2014-04-21T17:50:00", "cpe": ["cpe:/a:digium:asterisk:12.0.0", "cpe:/a:digium:asterisk:12.1.0"], "id": "CVE-2014-2288", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2288", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:51:55", "description": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when\nqualify_frequency \"is enabled on an AOR and the remote SIP server\nchallenges for authentication of the resulting OPTIONS request,\" allows\nremote attackers to cause a denial of service (crash) via a PJSIP endpoint\nthat does not have an associated outgoing request.", "cvss3": {}, "published": "2014-04-18T00:00:00", "type": "ubuntucve", "title": "CVE-2014-2288", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2288"], "modified": "2014-04-18T00:00:00", "id": "UB:CVE-2014-2288", "href": "https://ubuntu.com/security/CVE-2014-2288", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-05-15T07:30:06", "description": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.", "cvss3": {}, "published": "2014-04-18T22:14:00", "type": "debiancve", "title": "CVE-2014-2288", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2288"], "modified": "2014-04-18T22:14:00", "id": "DEBIANCVE:CVE-2014-2288", "href": "https://security-tracker.debian.org/tracker/CVE-2014-2288", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:50:53", "description": "The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the 'qualify_frequency' configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-12T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk18", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_03159886A8A311E38F360025905A4771.NASL", "href": "https://www.tenable.com/plugins/nessus/72953", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72953);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP\nrequest that is handled by Asterisk with a large number of Cookie\nheaders could overflow the stack. You could even exhaust memory if you\nsent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip\nSession-Timers. An attacker can use all available file descriptors\nusing SIP INVITE requests. Asterisk will respond with code 400, 420,\nor 422 for INVITEs meeting this criteria. Each INVITE meeting these\nconditions will leak a channel and several file descriptors. The file\ndescriptors cannot be released without restarting Asterisk which may\nallow intrusion detection systems to be bypassed by sending the\nrequests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\nexploitable crash vulnerability exists in the PJSIP channel driver if\nthe 'qualify_frequency' configuration option is enabled on an AOR and\nthe remote SIP server challenges for authentication of the resulting\nOPTIONS request. The response handling code wrongly assumes that a\nPJSIP endpoint will always be associated with an outgoing request\nwhich is incorrect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43eb0eef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11<11.8.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18<1.8.26.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:20", "description": "The remote host is affected by the vulnerability described in GLSA-201405-05 (Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2014-05-05T00:00:00", "type": "nessus", "title": "GLSA-201405-05 : Asterisk: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288", "CVE-2014-2289"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:asterisk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201405-05.NASL", "href": "https://www.tenable.com/plugins/nessus/73861", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-05.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73861);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094, 66096, 66104);\n script_xref(name:\"GLSA\", value:\"201405-05\");\n\n script_name(english:\"GLSA-201405-05 : Asterisk: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-05\n(Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. Please review\n the CVE identifiers and Asterisk Project Security Advisories referenced\n below for details.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Asterisk 11.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-11.8.1'\n All Asterisk 1.8.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.26.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/asterisk\", unaffected:make_list(\"ge 11.8.1\", \"rge 1.8.26.1\"), vulnerable:make_list(\"lt 11.8.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:56", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 2.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 3.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 4.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-22T00:00:00", "type": "nessus", "title": "Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288", "CVE-2014-2289"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-3779.NASL", "href": "https://www.tenable.com/plugins/nessus/73142", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3779.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73142);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"FEDORA\", value:\"2014-3779\");\n\n script_name(english:\"Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The\navailable security releases are released as versions 1.8.15-cert5,\n11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of\n Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with\n a large number of Cookie headers could overflow the\n stack.\n\n Another vulnerability along similar lines is any HTTP\n request with a ridiculous number of headers in the\n request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers\n request\n\n This change allows chan_sip to avoid creation of the\n channel and consumption of associated file descriptors\n altogether if the inbound request is going to be\n rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses\n don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing\n request will always have an endpoint and makes the\n authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a\nvulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are\nencouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2014-001, AST-2014-002,\nAST-2014-003, and AST-2014-004, which were released at the same time\nas this announcement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-12.1.1\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 3.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 4.pdf The Asterisk Development Team has announced the\n release of Asterisk 11.8.0. This release is available\n for immediate download at\n http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68336dff\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb290c2\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a9e33d8\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d221303\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd1dec6c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7456a7c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"asterisk-11.8.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:54", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 2.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 3.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 4.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-22T00:00:00", "type": "nessus", "title": "Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288", "CVE-2014-2289"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-3762.NASL", "href": "https://www.tenable.com/plugins/nessus/73141", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3762.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73141);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"FEDORA\", value:\"2014-3762\");\n\n script_name(english:\"Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The\navailable security releases are released as versions 1.8.15-cert5,\n11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of\n Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with\n a large number of Cookie headers could overflow the\n stack.\n\n Another vulnerability along similar lines is any HTTP\n request with a ridiculous number of headers in the\n request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers\n request\n\n This change allows chan_sip to avoid creation of the\n channel and consumption of associated file descriptors\n altogether if the inbound request is going to be\n rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses\n don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing\n request will always have an endpoint and makes the\n authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a\nvulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are\nencouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2014-001, AST-2014-002,\nAST-2014-003, and AST-2014-004, which were released at the same time\nas this announcement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-12.1.1\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 3.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 4.pdf The Asterisk Development Team has announced the\n release of Asterisk 11.8.0. This release is available\n for immediate download at\n http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68336dff\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb290c2\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a9e33d8\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d221303\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd1dec6c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52b913c8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"asterisk-11.8.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe Asterisk project reports:\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP\n\t request that is handled by Asterisk with a large number of Cookie\n\t headers could overflow the stack. You could even exhaust memory if you\n\t sent an unlimited number of headers in the request.\nDenial of Service Through File Descriptor Exhaustion with chan_sip\n\t Session-Timers. An attacker can use all available file descriptors\n\t using SIP INVITE requests. Asterisk will respond with code 400, 420,\n\t or 422 for INVITEs meeting this criteria.\n\t Each INVITE meeting these conditions will leak a channel and several\n\t file descriptors. The file descriptors cannot be released without\n\t restarting Asterisk which may allow intrusion detection systems to be\n\t bypassed by sending the requests slowly.\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\n\t exploitable crash vulnerability exists in the PJSIP channel driver if\n\t the \"qualify_frequency\" configuration option is enabled on an AOR and\n\t the remote SIP server challenges for authentication of the resulting\n\t OPTIONS request. The response handling code wrongly assumes that a\n\t PJSIP endpoint will always be associated with an outgoing request which\n\t is incorrect.\n\n\n", "cvss3": {}, "published": "2014-03-10T00:00:00", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288"], "modified": "2014-03-10T00:00:00", "id": "03159886-A8A3-11E3-8F36-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:08:58", "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk 11.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.8.1\"\n \n\nAll Asterisk 1.8.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.26.1\"", "cvss3": {}, "published": "2014-05-03T00:00:00", "type": "gentoo", "title": "Asterisk: Denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288", "CVE-2014-2289"], "modified": "2014-05-03T00:00:00", "id": "GLSA-201405-05", "href": "https://security.gentoo.org/glsa/201405-05", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:36:07", "description": "Gentoo Linux Local Security Checks GLSA 201405-05", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201405-05", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121180\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:07 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-05\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 11.8.1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 1.8.26.1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(), vulnerable: make_list(\"lt 11.8.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
