Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:136141256231069105HistoryMar 09, 2011 - 12:00 a.m.
Debian: Security Advisory (DSA-2171-1)
2011-03-0900:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
8
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.032 Low
EPSS
Percentile
91.3%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.69105");
script_cve_id("CVE-2011-0495");
script_tag(name:"creation_date", value:"2011-03-09 04:54:11 +0000 (Wed, 09 Mar 2011)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"6.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_name("Debian: Security Advisory (DSA-2171-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(5|6)");
script_xref(name:"Advisory-ID", value:"DSA-2171-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2011/DSA-2171-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2171");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'asterisk' package(s) announced via the DSA-2171-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 1.4.21.2~dfsg-3+lenny2.
For the stable distribution (squeeze), this problem has been fixed in version 1.6.2.9-2+squeeze1.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your asterisk packages.");
script_tag(name:"affected", value:"'asterisk' package(s) on Debian 5, Debian 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB5") {
if(!isnull(res = isdpkgvuln(pkg:"asterisk", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-config", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-dbg", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-dev", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-doc", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-h323", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-sounds-main", ver:"1:1.4.21.2~dfsg-3+lenny2", rls:"DEB5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"asterisk", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-config", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-dbg", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-dev", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-doc", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-h323", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"asterisk-sounds-main", ver:"1:1.6.2.9-2+squeeze1", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Fedora Update for asterisk FEDORA-2011-0774
2011-02-04 00:00:00
Fedora Update for asterisk FEDORA-2011-0794
2011-02-04 00:00:00
Fedora Update for asterisk FEDORA-2011-0774
2011-02-04 00:00:00
nessus
nessus
Fedora 13 : asterisk-1.6.2.16.1-1.fc13 (2011-0794)
2011-02-04 00:00:00
Debian DSA-2171-1 : asterisk - buffer overflow
2011-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: asterisk-1.6.2.16.1-1.fc14
2011-02-03 20:19:31
[SECURITY] Fedora 13 Update: asterisk-1.6.2.16.1-1.fc13
2011-02-03 20:24:13
debiancve
debiancve
CVE-2011-0495
2011-01-20 19:00:08
altlinux
altlinux
cvelist
cvelist
CVE-2011-0495
2011-01-20 18:00:00
prion
prion
Stack overflow
2011-01-20 19:00:00
debian
debian
[SECURITY] [DSA 2171-1] asterisk security update
2011-02-21 18:27:22
cve
cve
CVE-2011-0495
2011-01-20 19:00:08
nvd
nvd
CVE-2011-0495
2011-01-20 19:00:08
ubuntucve
ubuntucve
CVE-2011-0495
2011-01-20 00:00:00
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.032 Low
EPSS
Percentile
91.3%
Related for OPENVAS:136141256231069105