Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-0199.
#
include("compat.inc");
if (description)
{
script_id(29848);
script_version ("$Revision: 1.11 $");
script_cvs_date("$Date: 2015/10/21 22:04:03 $");
script_cve_id("CVE-2008-0095");
script_bugtraq_id(27110);
script_xref(name:"FEDORA", value:"2008-0199");
script_name(english:"Fedora 8 : asterisk-1.4.17-1.fc8 (2008-0199)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Fixes AST-2008-001. See :
http://downloads.digium.com/pub/security/AST-2008-001.html
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.digium.com/pub/security/AST-2008-001.html"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2008-January/006520.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e16e9ca9"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-conference");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-fax");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-festival");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-firmware");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-jabber");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-misdn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-mobile");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-postgresql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-radius");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-skinny");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-tds");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-voicemail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-voicemail-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-voicemail-odbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-voicemail-plain");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk-zaptel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
script_set_attribute(attribute:"patch_publication_date", value:"2008/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC8", reference:"asterisk-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-alsa-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-conference-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-curl-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-debuginfo-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-devel-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-fax-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-festival-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-firmware-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-jabber-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-misdn-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-mobile-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-odbc-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-oss-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-postgresql-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-radius-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-skinny-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-snmp-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-tds-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-voicemail-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-voicemail-imap-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-voicemail-odbc-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-voicemail-plain-1.4.17-1.fc8")) flag++;
if (rpm_check(release:"FC8", reference:"asterisk-zaptel-1.4.17-1.fc8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk / asterisk-alsa / asterisk-conference / asterisk-curl / etc");
}
{"result": {"cve": [{"id": "CVE-2008-0095", "type": "cve", "title": "CVE-2008-0095", "description": "The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.", "published": "2008-01-07T21:46:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0095", "cvelist": ["CVE-2008-0095"], "lastseen": "2017-08-08T11:24:27"}], "openvas": [{"id": "OPENVAS:860433", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2008-0198", "description": "Check for the Version of asterisk", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860433", "cvelist": ["CVE-2008-0095"], "lastseen": "2017-07-25T10:57:06"}, {"id": "OPENVAS:860909", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2008-0199", "description": "Check for the Version of asterisk", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860909", "cvelist": ["CVE-2008-0095"], "lastseen": "2017-07-25T10:56:54"}], "osvdb": [{"id": "OSVDB:39841", "type": "osvdb", "title": "Asterisk BYE/Also Transfer Method DoS", "description": "## Technical Description\nSuccessful exploitation requires that a dialog has already been established.\n## Solution Description\nUpgrade to version version C.1.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nAsterisk BYE/Also Transfer Method DoS\n## References:\nVendor Specific News/Changelog Entry: http://bugs.digium.com/view.php?id=11637\nVendor Specific News/Changelog Entry: http://downloads.digium.com/pub/security/AST-2008-001.html\nSecurity Tracker: 1019152\n[Secunia Advisory ID:28312](https://secuniaresearch.flexerasoftware.com/advisories/28312/)\n[Secunia Advisory ID:28299](https://secuniaresearch.flexerasoftware.com/advisories/28299/)\nOther Advisory URL: http://downloads.digium.com/pub/security/AST-2008-001.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00166.html\nFrSIRT Advisory: ADV-2008-0019\n[CVE-2008-0095](https://vulners.com/cve/CVE-2008-0095)\nBugtraq ID: 27110\n", "published": "2008-01-03T20:19:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:39841", "cvelist": ["CVE-2008-0095"], "lastseen": "2017-04-28T13:20:35"}], "exploitdb": [{"id": "EDB-ID:30974", "type": "exploitdb", "title": "Asterisk 1.x - BYE Message Remote Denial of Service Vulnerability", "description": "Asterisk 1.x BYE Message Remote Denial of Service Vulnerability. CVE-2008-0095. Dos exploits for multiple platform", "published": "2008-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/30974/", "cvelist": ["CVE-2008-0095"], "lastseen": "2016-02-03T13:33:58"}], "zdt": [{"id": "1337DAY-ID-22123", "type": "zdt", "title": "Asterisk 1.x - BYE Message Remote Denial of Service Vulnerability", "description": "Exploit for multiple platform in category dos / poc", "published": "2014-04-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://0day.today/exploit/description/22123", "cvelist": ["CVE-2008-0095"], "lastseen": "2018-03-14T09:18:57"}], "nessus": [{"id": "FEDORA_2008-0198.NASL", "type": "nessus", "title": "Fedora 7 : asterisk-1.4.17-1.fc7 (2008-0198)", "description": "Fixes AST-2008-001. See :\n\nhttp://downloads.digium.com/pub/security/AST-2008-001.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29847", "cvelist": ["CVE-2008-0095"], "lastseen": "2017-10-29T13:44:33"}]}}
