Lucene search
This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2014-218.NASLHistoryNov 24, 2014 - 12:00 a.m.
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)
2014-11-2400:00:00
This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Multiple vulnerabilities has been discovered and corrected in asterisk :
Remote crash when handling out of call message in certain dialplan configurations (CVE-2014-6610).
Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566).
Mixed IP address families in access control lists may permit unwanted traffic.
High call load may result in hung channels in ConfBridge.
Permission escalation through ConfBridge actions/dialplan functions.
The updated packages has been upgraded to the 11.14.1 version which is not vulnerable to these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:218.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(79405);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/26");
script_cve_id("CVE-2014-3566", "CVE-2014-6610");
script_bugtraq_id(69962, 70574);
script_xref(name:"MDVSA", value:"2014:218");
script_name(english:"Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)");
script_set_attribute(attribute:"synopsis", value:
"The remote Mandriva Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"Multiple vulnerabilities has been discovered and corrected in
asterisk :
Remote crash when handling out of call message in certain dialplan
configurations (CVE-2014-6610).
Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566).
Mixed IP address families in access control lists may permit unwanted
traffic.
High call load may result in hung channels in ConfBridge.
Permission escalation through ConfBridge actions/dialplan functions.
The updated packages has been upgraded to the 11.14.1 version which is
not vulnerable to these issues.");
script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2014-010.html");
script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2014-011.html");
script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2014-012.html");
script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2014-014.html");
script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2014-017.html");
# http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.14.1-summary.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8fb08e9b");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2014/11/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-addons");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-firmware");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-gui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-cel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-fax");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-festival");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-ices");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-jack");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-lua");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-osp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-radius");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-speex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-tds");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64asteriskssl1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Mandriva Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-addons-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-devel-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-firmware-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-gui-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-alsa-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-calendar-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-cel-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-corosync-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-curl-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-dahdi-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-fax-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-festival-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-ices-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-jabber-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-jack-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-ldap-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-lua-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-minivm-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-mobile-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-mp3-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-mysql-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-ooh323-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-osp-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-oss-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-pgsql-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-pktccops-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-portaudio-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-radius-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-saycountpl-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-skinny-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-snmp-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-speex-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-sqlite-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-tds-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-unistim-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-voicemail-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-voicemail-imap-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-voicemail-plain-11.14.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64asteriskssl1-11.14.1-1.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | asterisk | p-cpe:/a:mandriva:linux:asterisk |
| mandriva | linux | asterisk-addons | p-cpe:/a:mandriva:linux:asterisk-addons |
| mandriva | linux | asterisk-devel | p-cpe:/a:mandriva:linux:asterisk-devel |
| mandriva | linux | asterisk-firmware | p-cpe:/a:mandriva:linux:asterisk-firmware |
| mandriva | linux | asterisk-gui | p-cpe:/a:mandriva:linux:asterisk-gui |
| mandriva | linux | asterisk-plugins-alsa | p-cpe:/a:mandriva:linux:asterisk-plugins-alsa |
| mandriva | linux | asterisk-plugins-calendar | p-cpe:/a:mandriva:linux:asterisk-plugins-calendar |
| mandriva | linux | asterisk-plugins-cel | p-cpe:/a:mandriva:linux:asterisk-plugins-cel |
| mandriva | linux | asterisk-plugins-corosync | p-cpe:/a:mandriva:linux:asterisk-plugins-corosync |
| mandriva | linux | asterisk-plugins-curl | p-cpe:/a:mandriva:linux:asterisk-plugins-curl |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610
downloads.asterisk.org/pub/security/AST-2014-010.html
downloads.asterisk.org/pub/security/AST-2014-011.html
downloads.asterisk.org/pub/security/AST-2014-012.html
downloads.asterisk.org/pub/security/AST-2014-014.html
downloads.asterisk.org/pub/security/AST-2014-017.html
www.nessus.org/u?8fb08e9b
Related
openvas
openvas
Gentoo Security Advisory GLSA 201411-10
2015-09-29 00:00:00
Mageia: Security Advisory (MGASA-2014-0490)
2022-01-28 00:00:00
Fedora Update for nodejs FEDORA-2014-15379
2014-12-15 00:00:00
nessus
nessus
GLSA-201411-10 : Asterisk: Multiple Vulnerabilities (POODLE)
2014-11-24 00:00:00
Asterisk ReceiveFax Dialplan Application Remote DoS (AST-2014-010)
2014-09-25 00:00:00
mageia
mageia
Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE
2014-11-26 20:29:06
gentoo
gentoo
Asterisk: Multiple Vulnerabilities
2014-11-23 00:00:00
ubuntucve
ubuntucve
CVE-2014-6610
2014-11-26 00:00:00
CVE-2014-3566
2014-10-14 00:00:00
debiancve
debiancve
CVE-2014-6610
2014-11-26 15:59:02
CVE-2014-3566
2014-10-15 00:55:02
cvelist
cvelist
CVE-2014-6610
2014-11-26 15:00:00
CVE-2014-3566
2014-10-15 00:00:00
cve
cve
CVE-2014-6610
2014-11-26 15:59:02
nvd
nvd
CVE-2014-6610
2014-11-26 15:59:02
CVE-2014-3566
2014-10-15 00:55:02
prion
prion
Code injection
2014-11-26 15:59:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
X (Formerly Twitter): POODLE SSLv3 bug on multiple twitter smtp servers (mx3.twitter.com,199.59.148.204,199.16.156.108 and 199.59.148.204)
2017-11-09 21:44:16
Semrush: SSLv3 Poodle Attack on Ip Of semrush
2018-02-22 16:43:36
amazon
amazon
Important: openssl
2014-10-14 22:32:00
fedora
fedora
[SECURITY] Fedora 20 Update: claws-mail-plugins-3.11.1-1.fc20
2014-11-10 06:30:28
[SECURITY] Fedora 21 Update: libetpan-1.6-1.fc21
2014-11-10 06:34:14
[SECURITY] Fedora 21 Update: python-rhsm-1.13.6-1.fc21
2014-11-10 06:34:40
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
ibm
ibm
Security Bulletin: Rational Automation Framework Security Advisory (CVE-2014-3566)
2018-06-17 04:58:17
Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)
2022-02-23 19:48:26
Security Bulletin: Vulnerability in SSLv3 affects TS3310 (CVE-2014-3566)
2018-06-18 00:08:53
osv
osv
lighttpd - security update
2015-07-25 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
POODLE Attack
2017-05-03 05:12:56
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
redhat
redhat
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
nss security update
2014-12-03 22:45:56
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
freebsd
freebsd
davmail -- fix potential CVE-2014-3566 vulnerability (POODLE)
2014-10-27 00:00:00
paloalto
paloalto
SSL 3.0 MITM Attack
2014-10-20 07:00:00
securityvulns
securityvulns
APPLE-SA-2014-10-16-2 Security Update 2014-005
2014-10-18 00:00:00
APPLE-SA-2014-10-16-5 OS X Server v2.2.5
2014-10-18 00:00:00
hp
hp
threatpost
threatpost
OpenSSL Releases Patch for POODLE Attack
2014-10-16 10:29:53
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Related for MANDRIVA_MDVSA-2014-218.NASL