ID OPENVAS:69105 Type openvas Reporter Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to asterisk
announced via advisory DSA 2171-1.
# OpenVAS Vulnerability Test
# $Id: deb_2171_1.nasl 6613 2017-07-07 12:08:40Z cfischer $
# Description: Auto-generated from advisory DSA 2171-1 (asterisk)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Shared helper library. Nothing in the visible script calls into it by name.
# NOTE(review): confirm whether pkg-lib-deb.inc relies on it before dropping this include.
include("revisions-lib.inc");

# One-line finding text, registered below as the "summary" tag.
tag_summary = "The remote host is missing an update to asterisk
announced via advisory DSA 2171-1.";

# Root cause as quoted from the advisory: a buffer overflow in the SIP channel
# driver. Registered below as the "insight" tag.
tag_insight = "Matthew Nicholson discovered a buffer overflow in the SIP channel driver
of Asterisk, an open source PBX and telephony toolkit, which could lead
to the execution of arbitrary code.";

# Remediation text, registered below as the "solution" tag. The fixed versions
# named here are the same strings passed to isdpkgvuln() in the check logic.
# The sentence about sid is advisory wording; this script only tests the
# DEB5.0 and DEB6.0 releases.
# NOTE(review): the trailing URL is a reference rather than remediation text.
tag_solution = "For the oldstable distribution (lenny), this problem has been fixed in
version 1.4.21.2~dfsg-3+lenny2.
For the stable distribution (squeeze), this problem has been fixed in
version 1.6.2.9-2+squeeze1.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your asterisk packages.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202171-1";
# Metadata pass: when `description` is set, only register the plugin's
# metadata and stop before the package checks further down.
if (description) {
  # Plugin identity and revision bookkeeping.
  script_id(69105);
  script_version("$Revision: 6613 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)");

  # CVSS v2 base score and vector: network-reachable, medium access complexity,
  # single authentication required (Au:S), partial C/I/A impact.
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_cve_id("CVE-2011-0495");
  script_name("Debian Security Advisory DSA 2171-1 (asterisk)");

  # ACT_GATHER_INFO: the check below only compares package versions.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com");
  script_family("Debian Local Security Checks");

  # Prerequisites: gather-package-list.nasl and the two KB keys must be present.
  # NOTE(review): presumably these keys are only set after an authenticated SSH
  # login collected the dpkg list -- confirm in gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");

  # Report texts defined at the top of the file.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"solution", value:tag_solution);

  # The result rests on the installed package version, and the remedy is the
  # vendor's fixed package.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  # End the metadata pass here so the check logic is not executed.
  exit(0);
}
#
# The script code starts here
#
# Debian package comparison helpers; provides isdpkgvuln() used below.
include("pkg-lib-deb.inc");

# Packages covered by this check. Each one is tested against the fixed version
# for lenny (DEB5.0) first, then for squeeze (DEB6.0).
asterisk_pkgs = make_list("asterisk", "asterisk-config", "asterisk-dbg",
                          "asterisk-dev", "asterisk-doc", "asterisk-h323",
                          "asterisk-sounds-main");

res = "";
report = "";

# Every non-NULL isdpkgvuln() result is appended to the report, so one finding
# can list several outdated packages.
# NOTE(review): this is a package-version comparison only (qod_type "package"
# above); it does not look at the Asterisk configuration or probe the SIP
# service, so it shows that the fix is missing, not that the flaw is reachable.
foreach pkg_name (asterisk_pkgs) {
  if ((res = isdpkgvuln(pkg:pkg_name, ver:"1.4.21.2~dfsg-3+lenny2", rls:"DEB5.0")) != NULL) {
    report += res;
  }
}

foreach pkg_name (asterisk_pkgs) {
  if ((res = isdpkgvuln(pkg:pkg_name, ver:"1.6.2.9-2+squeeze1", rls:"DEB6.0")) != NULL) {
    report += res;
  }
}

if (report == "") {
  # Nothing outdated was found. Exit code 99 marks the host as not vulnerable,
  # but only when __pkg_match is set; otherwise the script ends with no verdict.
  # NOTE(review): __pkg_match is presumably set by pkg-lib-deb.inc when a
  # queried package is installed on a matching release -- confirm in the library.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:69105", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2171-1 (asterisk)", "description": "The remote host is missing an update to asterisk\nannounced via advisory DSA 2171-1.", "published": "2011-03-09T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=69105", "reporter": "Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2011-0495"], "lastseen": "2017-07-24T12:55:31", "viewCount": 0, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2017-07-24T12:55:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0495"]}, {"type": "openvas", "idList": ["OPENVAS:862835", "OPENVAS:136141256231069105", "OPENVAS:862836", "OPENVAS:1361412562310862835", "OPENVAS:136141256231068814", "OPENVAS:1361412562310862836"]}, {"type": "nessus", "idList": ["ASTERISK_AST_2011_001.NASL", "DEBIAN_DSA-2171.NASL", "FEDORA_2011-0794.NASL", "FEDORA_2011-0774.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2171-1:578AC"]}], "modified": "2017-07-24T12:55:31", "rev": 2}, "vulnersScore": 6.2}, "pluginID": "69105", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2171_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2171-1 (asterisk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.21.2~dfsg-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.2.9-2+squeeze1.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=DSA%202171-1\";\n\ntag_insight = \"Matthew Nicholson discovered a buffer overflow in the SIP channel driver\nof Asterisk, an open source PBX and telephony toolkit, which could lead\nto the execution of arbitrary code.\";\ntag_summary = \"The remote host is missing an update to asterisk\nannounced via advisory DSA 2171-1.\";\n\n\n\n\nif(description)\n{\n script_id(69105);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0495\");\n script_name(\"Debian Security Advisory DSA 2171-1 (asterisk)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:39:04", "description": "Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.", "edition": 6, "cvss3": {}, "published": "2011-01-20T19:00:00", "title": "CVE-2011-0495", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0495"], "modified": "2020-07-15T13:40:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:digium:asterisk:1.2.40", "cpe:/a:digium:asterisknow:1.5", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:digium:s800i_firmware:1.2.0", "cpe:/o:fedoraproject:fedora:14"], "id": "CVE-2011-0495", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0495", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:o:digium:s800i_firmware:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisknow:1.5:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:a:digium:asterisk:1.2.40:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-25T10:55:53", "bulletinFamily": "scanner", "cvelist": 
["CVE-2011-0495"], "description": "Check for the Version of asterisk", "modified": "2017-07-10T00:00:00", "published": "2011-02-04T00:00:00", "id": "OPENVAS:862836", "href": "http://plugins.openvas.org/nasl.php?oid=862836", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2011-0794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2011-0794\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"asterisk on Fedora 13\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html\");\n script_id(862836);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0794\");\n script_cve_id(\"CVE-2011-0495\");\n script_name(\"Fedora Update for asterisk FEDORA-2011-0794\");\n\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.2.16.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-02-04T00:00:00", "id": "OPENVAS:1361412562310862836", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862836", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2011-0794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2011-0794\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862836\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-0794\");\n script_cve_id(\"CVE-2011-0495\");\n script_name(\"Fedora Update for asterisk FEDORA-2011-0794\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.2.16.1~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "description": "Check for the Version of asterisk", "modified": "2017-07-10T00:00:00", "published": "2011-02-04T00:00:00", "id": "OPENVAS:862835", "href": "http://plugins.openvas.org/nasl.php?oid=862835", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2011-0774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2011-0774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"asterisk on Fedora 14\";\ntag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\n all of the features you would expect from a PBX and more. 
Asterisk\n does voice over IP in three protocols, and can interoperate with\n almost all standards-based telephony equipment using relatively\n inexpensive hardware.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html\");\n script_id(862835);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-0774\");\n script_cve_id(\"CVE-2011-0495\");\n script_name(\"Fedora Update for asterisk FEDORA-2011-0774\");\n\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.2.16.1~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-02-04T00:00:00", "id": "OPENVAS:1361412562310862835", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862835", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2011-0774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2011-0774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862835\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-04 14:19:53 +0100 (Fri, 04 Feb 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-0774\");\n script_cve_id(\"CVE-2011-0495\");\n script_name(\"Fedora Update for asterisk FEDORA-2011-0774\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'asterisk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"asterisk on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~1.6.2.16.1~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068814", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068814", "type": "openvas", "title": "FreeBSD Ports: asterisk14", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_asterisk14.nasl 11768 2018-10-05 14:07:38Z cfischer $\n#\n# Auto generated from VID 5ab9fb2a-23a5-11e0-a835-0003ba02bf30\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68814\");\n script_version(\"$Revision: 11768 $\");\n script_cve_id(\"CVE-2011-0495\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 16:07:38 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: asterisk14\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n asterisk14\n\n asterisk16\n asterisk18\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://downloads.asterisk.org/pub/security/AST-2011-001.pdf\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/5ab9fb2a-23a5-11e0-a835-0003ba02bf30.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver 
= portver(pkg:\"asterisk14\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4\")>0 && revcomp(a:bver, b:\"1.4.39.1\")<0) {\n txt += 'Package asterisk14 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"asterisk16\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6\")>0 && revcomp(a:bver, b:\"1.6.2.16.1\")<0) {\n txt += 'Package asterisk16 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"asterisk18\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8\")>0 && revcomp(a:bver, b:\"1.8.2.2\")<0) {\n txt += 'Package asterisk18 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "description": "The remote host is missing an update to asterisk\nannounced via advisory DSA 2171-1.", "modified": "2019-03-18T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069105", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069105", "type": "openvas", "title": "Debian Security Advisory DSA 2171-1 (asterisk)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2171_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2171-1 (asterisk)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69105\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0495\");\n script_name(\"Debian Security Advisory DSA 2171-1 (asterisk)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_tag(name:\"insight\", value:\"Matthew Nicholson discovered a buffer overflow in the SIP channel driver\nof Asterisk, an open source PBX and telephony toolkit, which could lead\nto the execution of arbitrary code.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to asterisk\nannounced via advisory DSA 2171-1.\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.21.2~dfsg-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.2.9-2+squeeze1.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202171-1\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1.4.21.2~dfsg-3+lenny2\", 
rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1.4.21.2~dfsg-3+lenny2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-config\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dbg\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-dev\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-doc\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-h323\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"asterisk-sounds-main\", ver:\"1.6.2.9-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:17:09", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0495"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2171-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 21, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : asterisk\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-0495\nDebian Bug : 610487\n\nMatthew Nicholson discovered a buffer overflow in the SIP channel driver\nof Asterisk, an open source PBX and telephony toolkit, which could lead\nto the execution of arbitrary code.\n\nFor the oldstable distribution (lenny), this problem 
has been fixed in\nversion 1.4.21.2~dfsg-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.2.9-2+squeeze1.\n\nThe unstable distribution (sid) will be fixed soon.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-02-21T18:27:13", "published": "2011-02-21T18:27:13", "id": "DEBIAN:DSA-2171-1:578AC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00037.html", "title": "[SECURITY] [DSA 2171-1] asterisk security update", "type": "debian", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:46:17", "description": "Matthew Nicholson discovered a buffer overflow in the SIP channel\ndriver of Asterisk, an open source PBX and telephony toolkit, which\ncould lead to the execution of arbitrary code.", "edition": 15, "published": "2011-02-22T00:00:00", "title": "Debian DSA-2171-1 : asterisk - buffer overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "modified": "2011-02-22T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:asterisk"], "id": "DEBIAN_DSA-2171.NASL", "href": "https://www.tenable.com/plugins/nessus/52055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2171. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52055);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-0495\");\n script_bugtraq_id(45839);\n script_xref(name:\"DSA\", value:\"2171\");\n\n script_name(english:\"Debian DSA-2171-1 : asterisk - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthew Nicholson discovered a buffer overflow in the SIP channel\ndriver of Asterisk, an open source PBX and telephony toolkit, which\ncould lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/asterisk\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2171\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the asterisk packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.21.2~dfsg-3+lenny2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.2.9-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"asterisk\", reference:\"1.4.21.2~dfsg-3+lenny2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-config\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dbg\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-dev\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-doc\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-h323\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"asterisk-sounds-main\", reference:\"1.6.2.9-2+squeeze1\")) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:00", "description": "Update to 1.6.2.16.1 to fix CVE-2011-0495\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-02-04T00:00:00", "title": "Fedora 14 : asterisk-1.6.2.16.1-1.fc14 (2011-0774)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "modified": "2011-02-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2011-0774.NASL", "href": "https://www.tenable.com/plugins/nessus/51863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0774.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51863);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0495\");\n script_xref(name:\"FEDORA\", value:\"2011-0774\");\n\n script_name(english:\"Fedora 14 : asterisk-1.6.2.16.1-1.fc14 (2011-0774)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.2.16.1 to fix CVE-2011-0495\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora 
security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=670777\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/053689.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6358f93f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"asterisk-1.6.2.16.1-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:00", "description": "Update to 1.6.2.16.1 to fix CVE-2011-0495.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-02-04T00:00:00", "title": "Fedora 13 : asterisk-1.6.2.16.1-1.fc13 (2011-0794)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "modified": "2011-02-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:asterisk"], "id": "FEDORA_2011-0794.NASL", "href": "https://www.tenable.com/plugins/nessus/51864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0794.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51864);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-0495\");\n script_xref(name:\"FEDORA\", value:\"2011-0794\");\n\n script_name(english:\"Fedora 13 : asterisk-1.6.2.16.1-1.fc13 (2011-0794)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.6.2.16.1 to fix CVE-2011-0495.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=670777\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/053713.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3527088b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"asterisk-1.6.2.16.1-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:21:44", "description": "Using a specially crafted caller ID string, an authenticated user\nplacing an outgoing call through the remote Asterisk server can cause\na buffer overflow leading to an application crash or execution of\narbitrary code.\n\nSuccessful exploitation may require that the SIP channel driver is\nconfigured with the 'pedantic' option enabled.", "edition": 24, "published": 
"2011-01-21T00:00:00", "title": "Asterisk main/utils.c ast_uri_encode() CallerID Information Overflow (AST-2011-001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0495"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:digium:asterisk"], "id": "ASTERISK_AST_2011_001.NASL", "href": "https://www.tenable.com/plugins/nessus/51644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51644);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2011-0495\");\n script_bugtraq_id(45839);\n script_xref(name:\"Secunia\", value:\"42935\");\n\n script_name(english:\"Asterisk main/utils.c ast_uri_encode() CallerID Information Overflow (AST-2011-001)\");\n script_summary(english:\"Checks version in SIP banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\nbuffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Using a specially crafted caller ID string, an authenticated user\nplacing an outgoing call through the remote Asterisk server can cause\na buffer overflow leading to an application crash or execution of\narbitrary code.\n\nSuccessful exploitation may require that the SIP channel driver is\nconfigured with the 'pedantic' option enabled.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2011-001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.4.38.1 / 1.4.39.1 / 1.6.1.21 / 1.6.2.15.1 /\n1.6.2.16.1 / 1.8.1.2 / 1.8.2.2, Asterisk Business Edition C.3.6.2 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gain a shell remotely\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from kb name: \"+kb_name);\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port);\n continue;\n }\n\n 
banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing\");\n banner = 'unknown';\n }\n\n if (version =~ '^1\\\\.2([^0-9]|$)')\n {\n # No longer supported by vendor.\n fixed = \"The 1.2 branch is no longer supported.\";\n vulnerable = -1;\n }\n else if (version =~ '^1\\\\.4([^0-9]|$)')\n {\n if (version =~ '^1\\\\.4\\\\.38([^0-9]|$)')\n {\n fixed = \"1.4.38.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else if (version =~ '^1\\\\.4\\\\.39([^0-9]|$)')\n {\n fixed = \"1.4.39.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else\n {\n # Recommend lowest patched version in the 1.4 branch.\n fixed = \"1.4.38.1\";\n vulnerable = ver_compare(ver:version, fix:\"1.4.40\", app:\"asterisk\");\n }\n }\n else if (version =~ '^1\\\\.6([^0-9]|$)')\n {\n if (version =~ '^1\\\\.6\\\\.1([^0-9]|$)')\n {\n fixed = \"1.6.1.21\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else if (version =~ '^1\\\\.6\\\\.2([^0-9]|$)')\n {\n if (version =~ '^1\\\\.6\\\\.2\\\\.15([^0-9]|$)')\n {\n fixed = \"1.6.2.15.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else if (version =~ '^1\\\\.6\\\\.2\\\\.16([^0-9]|$)')\n {\n fixed = \"1.6.2.16.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else\n {\n # Recommend lowest patched version in the 1.6.2 branch.\n fixed = \"1.6.2.15.1\";\n vulnerable = ver_compare(ver:version, fix:\"1.6.2.17\", app:\"asterisk\");\n }\n }\n else\n {\n # Recommend lowest patched version in the 1.6 branch.\n fixed = \"1.6.1.21\";\n vulnerable = ver_compare(ver:version, fix:\"1.6.3\", app:\"asterisk\");\n }\n }\n else if (version =~ '^1\\\\.8([^0-9]|$)')\n {\n if (version =~ 
'^1\\\\.8\\\\.1([^0-9]|$)')\n {\n fixed = \"1.8.1.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else if (version =~ '^1\\\\.8\\\\.2([^0-9]|$)')\n {\n fixed = \"1.8.2.2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n else\n {\n # Recommend lowest patched version in the 1.8 branch.\n fixed = \"1.8.1.2\";\n vulnerable = ver_compare(ver:version, fix:\"1.8.3\", app:\"asterisk\");\n }\n }\n else if (version =~ '^[A-Z]')\n {\n fixed = \"C.3.6.2\";\n\n if (version[0] <= \"B\")\n {\n vulnerable = -1;\n }\n else if (version[0] > \"C\")\n {\n vulnerable = 1;\n }\n else\n {\n tmp_fixed = substr(fixed, 2);\n tmp_version = substr(version, 2);\n vulnerable = ver_compare(ver:tmp_version, fix:tmp_fixed, app:\"asterisk\");\n }\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0495"], "description": "Asterisk is a complete PBX in 
software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "modified": "2011-02-03T20:19:31", "published": "2011-02-03T20:19:31", "id": "FEDORA:84BB110F944", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: asterisk-1.6.2.16.1-1.fc14", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0495"], "description": "Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. ", "modified": "2011-02-03T20:24:13", "published": "2011-02-03T20:24:13", "id": "FEDORA:37953111118", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: asterisk-1.6.2.16.1-1.fc13", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}]}