Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.FEDORA_2010-3724.NASL
HistoryJul 01, 2010 - 12:00 a.m.

Fedora 11 : asterisk-1.6.1.17-1.fc11 (2010-3724)

2010-07-0100:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
20

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.342 Low

EPSS

Percentile

97.1%

JSON

Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can compromise security * AST-2010-002: This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers. * AST-2010-001:
An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-3724.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(47325);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2010-0441", "CVE-2010-0685", "CVE-2010-1224");
  script_bugtraq_id(38047, 38314, 38424);
  script_xref(name:"FEDORA", value:"2010-3724");

  script_name(english:"Fedora 11 : asterisk-1.6.1.17-1.fc11 (2010-3724)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can
compromise security * AST-2010-002: This security release is intended
to raise awareness of how it is possible to insert malicious strings
into dialplans, and to advise developers to read the best practices
documents so that they may easily avoid these dangers. * AST-2010-001:
An attacker attempting to negotiate T.38 over SIP can remotely crash
Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value. The same crash occurs
when the FaxMaxDatagram field is omitted from the SDP as well.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=561332"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1bc3d35b"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected asterisk package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"asterisk-1.6.1.17-1.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk");
}
VendorProductVersionCPE
fedoraprojectfedoraasteriskp-cpe:/a:fedoraproject:fedora:asterisk
fedoraprojectfedora11cpe:/o:fedoraproject:fedora:11

Related

nvd 3
debiancve 3
prion 3
cve 3
cvelist 3
openvas 6
ubuntucve 3
nessus 1
altlinux 1
securityvulns 2
fedora 2
nvd
nvd
CVE-2010-0685
2010-02-23 20:30:00
CVE-2010-1224
2010-04-01 21:30:00
CVE-2010-0441
2010-02-04 20:15:24
debiancve
debiancve
CVE-2010-0685
2010-02-23 20:30:00
CVE-2010-1224
2010-04-01 21:30:00
CVE-2010-0441
2010-02-04 20:15:24
prion
prion
Design/Logic Flaw
2010-02-23 20:30:00
Design/Logic Flaw
2010-04-01 21:30:00
Code injection
2010-02-04 20:15:00
cve
cve
CVE-2010-1224
2010-04-01 21:30:00
CVE-2010-0685
2010-02-23 20:30:00
CVE-2010-0441
2010-02-04 20:15:24
cvelist
cvelist
CVE-2010-1224
2010-04-01 21:00:00
CVE-2010-0685
2010-02-23 20:00:00
CVE-2010-0441
2010-02-04 18:00:00
openvas
openvas
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability (AST-2010-003)
2010-03-02 00:00:00
Asterisk T.38 Negotiation Remote DoS Vulnerability (AST-2010-001)
2010-02-11 00:00:00
Fedora Update for asterisk FEDORA-2010-3381
2010-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2010-0685
2010-02-23 00:00:00
CVE-2010-1224
2010-04-01 00:00:00
CVE-2010-0441
2010-02-04 00:00:00
nessus
nessus
Fedora 12 : asterisk-1.6.1.17-1.fc12 (2010-3381)
2010-07-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package asterisk1.6.2 version 1.6.2.2-alt1
2010-02-04 00:00:00
securityvulns
securityvulns
Asterisk integer overflow
2010-02-04 00:00:00
AST-2010-001: T.38 Remote Crash Vulnerability
2010-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: asterisk-1.6.1.17-1.fc12
2010-04-01 01:38:49
[SECURITY] Fedora 11 Update: asterisk-1.6.1.17-1.fc11
2010-03-23 01:56:46

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.342 Low

EPSS

Percentile

97.1%

JSON
Related for FEDORA_2010-3724.NASL
nvd3debiancve3prion3cve3cvelist3openvas6ubuntucve3nessus1altlinux1securityvulns2fedora2