Lucene search
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.DEBIAN_DSA-1229.NASLHistoryDec 11, 2006 - 12:00 a.m.
Debian DSA-1229-1 : asterisk - integer overflow
2006-12-1100:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
10
Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1229. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(23790);
script_version("1.20");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2006-5444");
script_bugtraq_id(20617);
script_xref(name:"CERT", value:"521252");
script_xref(name:"DSA", value:"1229");
script_name(english:"Debian DSA-1229-1 : asterisk - integer overflow");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Adam Boileau discovered an integer overflow in the Skinny channel
driver in Asterisk, an Open Source Private Branch Exchange or
telephone system, as used by Cisco SCCP phones, which allows remote
attackers to execute arbitrary code."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2006/dsa-1229"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the asterisk packages.
For the stable distribution (sarge) this problem has been fixed in
version 1.0.7.dfsg.1-2sarge4."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
script_set_attribute(attribute:"patch_publication_date", value:"2006/12/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/11");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.1", prefix:"asterisk", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-config", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-dev", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-doc", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-gtk-console", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-h323", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-sounds-main", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (deb_check(release:"3.1", prefix:"asterisk-web-vmail", reference:"1.0.7.dfsg.1-2sarge4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | asterisk | p-cpe:/a:debian:debian_linux:asterisk |
| debian | debian_linux | 3.1 | cpe:/o:debian:debian_linux:3.1 |
Related
openvas
openvas
Debian: Security Advisory (DSA-1229-1)
2008-01-17 00:00:00
FreeBSD Ports: asterisk, asterisk-bristuff
2008-09-04 00:00:00
Debian Security Advisory DSA 1229-1 (asterisk)
2008-01-17 00:00:00
cert
cert
ubuntucve
ubuntucve
CVE-2006-5444
2006-10-23 00:00:00
nessus
nessus
SUSE-SA:2006:069: asterisk
2007-02-18 00:00:00
openSUSE 10 Security Update : asterisk (asterisk-2272)
2007-10-17 00:00:00
cve
cve
CVE-2006-5444
2006-10-23 17:07:00
debian
debian
[SECURITY] [DSA 1229-1] New Asterisk packages fix arbitrary code execution
2006-12-06 00:00:00
cvelist
cvelist
CVE-2006-5444
2006-10-23 17:00:00
debiancve
debiancve
CVE-2006-5444
2006-10-23 17:07:00
suse
suse
remote denial of service in asterisk
2006-11-16 19:14:32
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2006-10-30 00:00:00
Related for DEBIAN_DSA-1229.NASL