Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.FEDORA_2009-11070.NASL
HistoryNov 25, 2009 - 12:00 a.m.

Fedora 11 : asterisk-1.6.1.9-1.fc11 (2009-11070)

2009-11-2500:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
13
JSON
  • Wed Nov 4 2009 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.1.9-1 - Update to 1.6.1.9 to fix AST-2009-009/CVE-2008-7220 and AST-2009-008 - Fix obsoletes for firmware subpackage

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2009-11070.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(42883);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2008-7220", "CVE-2009-3727");
  script_bugtraq_id(36926);
  script_xref(name:"FEDORA", value:"2009-11070");

  script_name(english:"Fedora 11 : asterisk-1.6.1.9-1.fc11 (2009-11070)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Wed Nov 4 2009 Jeffrey C. Ollie <jeff at ocjtech.us> -
    1.6.1.9-1 - Update to 1.6.1.9 to fix
    AST-2009-009/CVE-2008-7220 and AST-2009-008 - Fix
    obsoletes for firmware subpackage

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=523277"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=533137"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/031285.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?46de86d5"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected asterisk package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"asterisk-1.6.1.9-1.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk");
}
VendorProductVersionCPE
fedoraprojectfedoraasteriskp-cpe:/a:fedoraproject:fedora:asterisk
fedoraprojectfedora11cpe:/o:fedoraproject:fedora:11

Related

nessus 3
openvas 15
cve 2
prion 2
ibm 2
fedora 5
ubuntucve 2
seebug 1
debiancve 2
securityvulns 1
cvelist 2
gentoo 1
osv 1
debian 1
nessus
nessus
Fedora 10 : asterisk-1.6.0.17-2.fc10 (2009-11126)
2009-11-25 00:00:00
GLSA-201006-20 : Asterisk: Multiple vulnerabilities
2010-06-04 00:00:00
Debian DSA-1952-1 : asterisk - several vulnerabilities, end-of-life announcement in oldstable
2010-02-24 00:00:00
openvas
openvas
Fedora Core 11 FEDORA-2009-11070 (asterisk)
2009-12-03 00:00:00
Gentoo Security Advisory GLSA 201006-20 (asterisk)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-20 (asterisk)
2011-03-09 00:00:00
cve
cve
CVE-2008-7220
2009-09-13 22:30:00
CVE-2009-3727
2009-11-10 18:30:00
prion
prion
Cross site scripting
2009-09-13 22:30:00
Authorization
2009-11-10 18:30:00
ibm
ibm
Security Bulletin: IBM Sterling B2B Integrator vulnerable to cross-site Ajax request vulnerability due to Prototype JavaScript (CVE-2008-7220)
2022-05-13 14:58:22
Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)
2020-02-05 00:53:36
fedora
fedora
[SECURITY] Fedora 11 Update: asterisk-1.6.1.9-1.fc11
2009-11-24 07:31:23
[SECURITY] Fedora 11 Update: asterisk-1.6.1.11-1.fc11
2009-12-22 04:45:24
[SECURITY] Fedora 10 Update: asterisk-1.6.0.17-2.fc10
2009-11-24 07:43:45
ubuntucve
ubuntucve
CVE-2008-7220
2009-09-13 00:00:00
CVE-2009-3727
2009-11-10 00:00:00
seebug
seebug
Prototype JavaScript Frameworkθ·¨η«™Ajaxθ―·ζ±‚ζΌζ΄ž
2009-11-07 00:00:00
debiancve
debiancve
CVE-2008-7220
2009-09-13 22:30:00
CVE-2009-3727
2009-11-10 18:30:00
securityvulns
securityvulns
AST-2009-009: Cross-site AJAX request vulnerability
2009-11-05 00:00:00
cvelist
cvelist
CVE-2008-7220
2009-09-13 22:00:00
CVE-2009-3727
2009-11-10 18:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2010-06-04 00:00:00
osv
osv
asterisk - several vulnerabilities
2009-12-15 00:00:00
debian
debian
[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilities
2009-12-15 13:06:53
JSON
Related for FEDORA_2009-11070.NASL
nessus3openvas15cve2prion2ibm2fedora5ubuntucve2seebug1debiancve2securityvulns1cvelist2gentoo1osv1debian1