6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.931 High
EPSS
Percentile
99.1%
The Asterisk Development Team has announced the release of Asterisk 1.6.2.17. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.6.2.17 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release :
Resolve duplicated data in the AstDB when using DIALGROUP() (Closes issue #18091. Reported by bunny.
Patched by tilghman)
Correct issue where res_config_odbc could populate fields with invalid data. (Closes issue #18251, #18279.
Reported by bcnit, zerohalo. Tested by trev, jthurman, elguero, zerohalo. Patched by tilghman)
When using cdr_pgsql the billsec field was not populated correctly on unanswered calls. (Closes issue #18406.
Reported by joscas. Patched by tilghman)
Resolve issue where re-transmissions of SUBSCRIBE could break presence. (Closes issue #18075. Reported by mdu113. Patched by twilson)
Fix regression causing forwarding voicemails to not work with file storage. (Closes issue #18358. Reported by cabal95. Patched by jpeeler)
This version of Asterisk includes the new Compiler Flags option BETTER_BACKTRACES which uses libbfd to search for better symbol information within both the Asterisk binary, as well as loaded modules, to assist when using inline backtraces to track down problems. (Patched by tilghman)
Resolve several issues with DTMF based attended transfers. (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchaun, grecco.
Patched by rmudgett). NOTE: Be sure to read the ChangeLog for more information about these changes.
Resolve issue where no Music On Hold may be triggered when using res_timing_dahdi. (Closes issues #18262.
Reported by francesco_r. Patched by cjacobson. Tested by francesco_r, rfrantik, one47)
Fix regression that changed behavior of queues when ringing a queue member. (Closes issue #18747, #18733.
Reported by vrban. Patched by qwell.) Additionally, this release has the changes related to security bulletin AST-2011-002 which can be found at http://downloads.asterisk.org/pub/security/AST-2011-002.
pdf For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/Cha ngeLog-1.6.2.17 Asterisk Project Security Advisory - AST-2011-002 Product Asterisk Summary Multiple array overflow and crash vulnerabilities in UDPTL code Nature of Advisory Exploitable Stack and Heap Array Overflows Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known No Reported On January 27, 2011 Reported By Matthew Nicholson Posted On February 21, 2011 Last Updated On February 21, 2011 Advisory Contact Matthew Nicholson <mnicholson at digium.com> CVE Name Description When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable. Resolution The UDPTL decoding routines have been modified to respect the limits of exploitable arrays. In asterisk versions not containing the fix for this issue, disabling T.38 support will prevent this vulnerability from being exploited. T.38 support can be disabled in chan_sip by setting the t38pt_udptl option to ‘no’ (it is off by default). t38pt_udptl = no The chan_ooh323 module should also be disabled by adding the following line in modles.conf. noload => chan_ooh323 Affected Versions Product Release Series Asterisk Open Source 1.4.x All versions Asterisk Open Source 1.6.x All versions Asterisk Business Edition C.x.x All versions AsteriskNOW 1.5 All versions s800i (Asterisk Appliance) 1.2.x All versions Corrected In Product Release Asterisk Open Source 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4 Asterisk Business Edition C.3.6.3 Patches URL Branch http://downloads.asterisk.org/pub/security/AST-2011-002- 1.4.diff 1.4 http://downloads.asterisk.org/pub/security/AST-2011-002- 1.6.1.diff 1.6.1 http://downloads.asterisk.org/pub/security/AST-2011-002- 1.6.2.diff 1.6.2 http://downloads.asterisk.org/pub/security/AST-2011-002- 1.8.diff 1.8 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-002.pd f and http://downloads.digium.com/pub/security/AST-2011-002.ht ml Revision History Date Editor Revisions Made 02/21/11 Matthew Nicholson Initial Release Asterisk Project Security Advisory - AST-2011-002 Copyright © 2011 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-2438.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(52602);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2011-1147");
script_bugtraq_id(46474);
script_xref(name:"FEDORA", value:"2011-2438");
script_name(english:"Fedora 14 : asterisk-1.6.2.17-1.fc14 (2011-2438)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The Asterisk Development Team has announced the release of Asterisk
1.6.2.17. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/ The release of
Asterisk 1.6.2.17 resolves several issues reported by the community
and would have not been possible without your participation. Thank
you! The following is a sample of the issues resolved in this
release :
- Resolve duplicated data in the AstDB when using
DIALGROUP() (Closes issue #18091. Reported by bunny.
Patched by tilghman)
- Correct issue where res_config_odbc could populate
fields with invalid data. (Closes issue #18251, #18279.
Reported by bcnit, zerohalo. Tested by trev, jthurman,
elguero, zerohalo. Patched by tilghman)
- When using cdr_pgsql the billsec field was not populated
correctly on unanswered calls. (Closes issue #18406.
Reported by joscas. Patched by tilghman)
- Resolve issue where re-transmissions of SUBSCRIBE could
break presence. (Closes issue #18075. Reported by
mdu113. Patched by twilson)
- Fix regression causing forwarding voicemails to not work
with file storage. (Closes issue #18358. Reported by
cabal95. Patched by jpeeler)
- This version of Asterisk includes the new Compiler Flags
option BETTER_BACKTRACES which uses libbfd to search for
better symbol information within both the Asterisk
binary, as well as loaded modules, to assist when using
inline backtraces to track down problems. (Patched by
tilghman)
- Resolve several issues with DTMF based attended
transfers. (Closes issues #17999, #17096, #18395,
#17273. Reported by iskatel, gelo, shihchaun, grecco.
Patched by rmudgett). NOTE: Be sure to read the
ChangeLog for more information about these changes.
- Resolve issue where no Music On Hold may be triggered
when using res_timing_dahdi. (Closes issues #18262.
Reported by francesco_r. Patched by cjacobson. Tested by
francesco_r, rfrantik, one47)
- Fix regression that changed behavior of queues when
ringing a queue member. (Closes issue #18747, #18733.
Reported by vrban. Patched by qwell.) Additionally, this
release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.
pdf For a full list of changes in this release, please
see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/Cha
ngeLog-1.6.2.17 Asterisk Project Security Advisory -
AST-2011-002 Product Asterisk Summary Multiple array
overflow and crash vulnerabilities in UDPTL code Nature
of Advisory Exploitable Stack and Heap Array Overflows
Susceptibility Remote Unauthenticated Sessions Severity
Critical Exploits Known No Reported On January 27, 2011
Reported By Matthew Nicholson Posted On February 21,
2011 Last Updated On February 21, 2011 Advisory Contact
Matthew Nicholson <mnicholson at digium.com> CVE Name
Description When decoding UDPTL packets, multiple stack
and heap based arrays can be made to overflow by
specially crafted packets. Systems doing T.38 pass
through or termination are vulnerable. Resolution The
UDPTL decoding routines have been modified to respect
the limits of exploitable arrays. In asterisk versions
not containing the fix for this issue, disabling T.38
support will prevent this vulnerability from being
exploited. T.38 support can be disabled in chan_sip by
setting the t38pt_udptl option to 'no' (it is off by
default). t38pt_udptl = no The chan_ooh323 module should
also be disabled by adding the following line in
modles.conf. noload => chan_ooh323 Affected Versions
Product Release Series Asterisk Open Source 1.4.x All
versions Asterisk Open Source 1.6.x All versions
Asterisk Business Edition C.x.x All versions AsteriskNOW
1.5 All versions s800i (Asterisk Appliance) 1.2.x All
versions Corrected In Product Release Asterisk Open
Source 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4 Asterisk
Business Edition C.3.6.3 Patches URL Branch
http://downloads.asterisk.org/pub/security/AST-2011-002-
1.4.diff 1.4
http://downloads.asterisk.org/pub/security/AST-2011-002-
1.6.1.diff 1.6.1
http://downloads.asterisk.org/pub/security/AST-2011-002-
1.6.2.diff 1.6.2
http://downloads.asterisk.org/pub/security/AST-2011-002-
1.8.diff 1.8 Links Asterisk Project Security Advisories
are posted at http://www.asterisk.org/security This
document may be superseded by later versions; if so, the
latest version will be posted at
http://downloads.digium.com/pub/security/AST-2011-002.pd
f and
http://downloads.digium.com/pub/security/AST-2011-002.ht
ml Revision History Date Editor Revisions Made 02/21/11
Matthew Nicholson Initial Release Asterisk Project
Security Advisory - AST-2011-002 Copyright (c) 2011
Digium, Inc. All Rights Reserved. Permission is hereby
granted to distribute and publish this advisory in its
original, unaltered form.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff"
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff"
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff"
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff"
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.asterisk.org/pub/security/AST-2011-002.pdf"
);
script_set_attribute(
attribute:"see_also",
value:"http://downloads.asterisk.org/pub/telephony/asterisk/"
);
# http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?21150610"
);
# http://downloads.digium.com/pub/security/AST-2011-002.html
script_set_attribute(
attribute:"see_also",
value:"https://downloads.digium.com/pub/security/AST-2011-002.html"
);
# http://downloads.digium.com/pub/security/AST-2011-002.pdf
script_set_attribute(
attribute:"see_also",
value:"https://downloads.digium.com/pub/security/AST-2011-002.pdf"
);
# http://www.asterisk.org/security
script_set_attribute(
attribute:"see_also",
value:"https://www.asterisk.org/downloads/security-advisories"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?0a9fa273"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected asterisk package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/15");
script_set_attribute(attribute:"patch_publication_date", value:"2011/03/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC14", reference:"asterisk-1.6.2.17-1.fc14")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | asterisk | p-cpe:/a:fedoraproject:fedora:asterisk |
fedoraproject | fedora | 14 | cpe:/o:fedoraproject:fedora:14 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147
downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff
downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff
downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff
downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff
downloads.asterisk.org/pub/security/AST-2011-002.pdf
downloads.asterisk.org/pub/telephony/asterisk/
www.nessus.org/u?0a9fa273
www.nessus.org/u?21150610
downloads.digium.com/pub/security/AST-2011-002.html
downloads.digium.com/pub/security/AST-2011-002.pdf
www.asterisk.org/downloads/security-advisories