{"openvas": [{"lastseen": "2018-10-29T12:38:56", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201405-05", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121180", "title": "Gentoo Security Advisory GLSA 201405-05", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201405-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121180\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:07 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201405-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201405-05\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201405-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 11.8.1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(\"ge 1.8.26.1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"net-misc/asterisk\", unaffected: make_list(), vulnerable: make_list(\"lt 11.8.1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:18", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2017-07-10T00:00:00", "published": "2014-03-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867628", "id": "OPENVAS:867628", "title": "Fedora Update for asterisk FEDORA-2014-3762", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3762\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867628);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:19:01 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3762\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3762\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:34", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2017-07-10T00:00:00", "published": "2014-03-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867624", "id": "OPENVAS:867624", "title": "Fedora Update for asterisk FEDORA-2014-3779", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3779\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867624);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:18:48 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3779\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3779\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\");\n script_summary(\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:09", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2018-04-06T00:00:00", "published": "2014-03-25T00:00:00", "id": "OPENVAS:1361412562310867624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867624", "title": "Fedora Update for asterisk FEDORA-2014-3779", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3779\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867624\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:18:48 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3779\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3779\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:28", "bulletinFamily": "scanner", "description": "Check for the Version of asterisk", "modified": "2018-04-06T00:00:00", "published": "2014-03-25T00:00:00", "id": "OPENVAS:1361412562310867628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867628", "title": "Fedora Update for asterisk FEDORA-2014-3762", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for asterisk FEDORA-2014-3762\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867628\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 10:19:01 +0530 (Tue, 25 Mar 2014)\");\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for asterisk FEDORA-2014-3762\");\n\n tag_insight = \"Asterisk is a complete PBX in software. It runs on Linux and provides\nall of the features you would expect from a PBX and more. Asterisk\ndoes voice over IP in three protocols, and can interoperate with\nalmost all standards-based telephony equipment using relatively\ninexpensive hardware.\n\";\n\n tag_affected = \"asterisk on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3762\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of asterisk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"asterisk\", rpm:\"asterisk~11.8.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:20:58", "bulletinFamily": "scanner", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 2.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 3.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 4.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2014-3762.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73141", "published": "2014-03-22T00:00:00", "title": "Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3762.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73141);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"FEDORA\", value:\"2014-3762\");\n\n script_name(english:\"Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The\navailable security releases are released as versions 1.8.15-cert5,\n11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of\n Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with\n a large number of Cookie headers could overflow the\n stack.\n\n Another vulnerability along similar lines is any HTTP\n request with a ridiculous number of headers in the\n request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers\n request\n\n This change allows chan_sip to avoid creation of the\n channel and consumption of associated file descriptors\n altogether if the inbound request is going to be\n rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses\n don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing\n request will always have an endpoint and makes the\n authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a\nvulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are\nencouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2014-001, AST-2014-002,\nAST-2014-003, and AST-2014-004, which were released at the same time\nas this announcement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-12.1.1\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 3.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 4.pdf The Asterisk Development Team has announced the\n release of Asterisk 11.8.0. This release is available\n for immediate download at\n http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68336dff\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb290c2\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a9e33d8\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d221303\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd1dec6c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52b913c8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"asterisk-11.8.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:08", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201405-05 (Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-12T00:00:00", "id": "GENTOO_GLSA-201405-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73861", "published": "2014-05-05T00:00:00", "title": "GLSA-201405-05 : Asterisk: Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201405-05.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73861);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094, 66096, 66104);\n script_xref(name:\"GLSA\", value:\"201405-05\");\n\n script_name(english:\"GLSA-201405-05 : Asterisk: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201405-05\n(Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. Please review\n the CVE identifiers and Asterisk Project Security Advisories referenced\n below for details.\n \nImpact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201405-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Asterisk 11.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-11.8.1'\n All Asterisk 1.8.* users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.26.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/asterisk\", unaffected:make_list(\"ge 11.8.1\", \"rge 1.8.26.1\"), vulnerable:make_list(\"lt 11.8.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:58", "bulletinFamily": "scanner", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 2.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 3.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 4.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-24T00:00:00", "id": "FEDORA_2014-3779.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73142", "published": "2014-03-22T00:00:00", "title": "Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3779.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73142);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\", \"CVE-2014-2289\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"FEDORA\", value:\"2014-3779\");\n\n script_name(english:\"Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk Development Team has announced security releases for\nCertified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The\navailable security releases are released as versions 1.8.15-cert5,\n11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of\n Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with\n a large number of Cookie headers could overflow the\n stack.\n\n Another vulnerability along similar lines is any HTTP\n request with a ridiculous number of headers in the\n request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers\n request\n\n This change allows chan_sip to avoid creation of the\n channel and consumption of associated file descriptors\n altogether if the inbound request is going to be\n rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses\n don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing\n request will always have an endpoint and makes the\n authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a\nvulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are\nencouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security\nadvisories.\n\nFor more information about the details of these vulnerabilities,\nplease read security advisories AST-2014-001, AST-2014-002,\nAST-2014-003, and AST-2014-004, which were released at the same time\nas this announcement.\n\nFor a full list of changes in the current releases, please see the\nChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-1.8.15-cert5\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-1.8.26.1\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release\ns/ChangeLog-11.6-cert2\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-11.8.1\nhttp://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo\ng-12.1.1\n\nThe security advisories are available at :\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 2.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 3.pdf\n\n -\n http://downloads.asterisk.org/pub/security/AST-2014-00\n 4.pdf The Asterisk Development Team has announced the\n release of Asterisk 11.8.0. This release is available\n for immediate download at\n http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the\ncommunity and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.pdf\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/telephony/asterisk/releases/\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68336dff\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cbb290c2\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a9e33d8\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d221303\"\n );\n # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd1dec6c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1074827\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7456a7c2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected asterisk package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"asterisk-11.8.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"asterisk\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:54", "bulletinFamily": "scanner", "description": "The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the 'qualify_frequency' configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_03159886A8A311E38F360025905A4771.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72953", "published": "2014-03-12T00:00:00", "title": "FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72953);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\", \"CVE-2014-2288\");\n\n script_name(english:\"FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP\nrequest that is handled by Asterisk with a large number of Cookie\nheaders could overflow the stack. You could even exhaust memory if you\nsent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip\nSession-Timers. An attacker can use all available file descriptors\nusing SIP INVITE requests. Asterisk will respond with code 400, 420,\nor 422 for INVITEs meeting this criteria. Each INVITE meeting these\nconditions will leak a channel and several file descriptors. The file\ndescriptors cannot be released without restarting Asterisk which may\nallow intrusion detection systems to be bypassed by sending the\nrequests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\nexploitable crash vulnerability exists in the PJSIP channel driver if\nthe 'qualify_frequency' configuration option is enabled on an AOR and\nthe remote SIP server challenges for authentication of the resulting\nOPTIONS request. The response handling code wrongly assumes that a\nPJSIP endpoint will always be associated with an outgoing request\nwhich is incorrect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.pdf\"\n );\n # https://www.asterisk.org/security\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.asterisk.org/downloads/security-advisories\"\n );\n # https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43eb0eef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:asterisk18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"asterisk11<11.8.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"asterisk18<1.8.26.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:21:04", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in asterisk :\n\nSending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request (CVE-2014-2286).\n\nAn attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly (CVE-2014-2287).\n\nThe updated packages has been upgraded to the 11.8.1 version which is not vulnerable to these issues.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2014-078.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73582", "published": "2014-04-17T00:00:00", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:078. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73582);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-2286\", \"CVE-2014-2287\");\n script_bugtraq_id(66093, 66094);\n script_xref(name:\"MDVSA\", value:\"2014:078\");\n\n script_name(english:\"Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nasterisk :\n\nSending a HTTP request that is handled by Asterisk with a large number\nof Cookie headers could overflow the stack. You could even exhaust\nmemory if you sent an unlimited number of headers in the request\n(CVE-2014-2286).\n\nAn attacker can use all available file descriptors using SIP INVITE\nrequests. Asterisk will respond with code 400, 420, or 422 for INVITEs\nmeeting this criteria. Each INVITE meeting these conditions will leak\na channel and several file descriptors. The file descriptors cannot be\nreleased without restarting Asterisk which may allow intrusion\ndetection systems to be bypassed by sending the requests slowly\n(CVE-2014-2287).\n\nThe updated packages has been upgraded to the 11.8.1 version which is\nnot vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.html\"\n );\n # http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.8.1-summary.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?14c01017\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-cel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-fax\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-festival\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ices\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-jack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-osp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-oss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-speex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-tds\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64asteriskssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-addons-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-devel-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-firmware-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-gui-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-alsa-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-calendar-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-cel-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-corosync-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-curl-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-dahdi-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-fax-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-festival-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ices-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jabber-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-jack-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ldap-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-lua-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-minivm-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mobile-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mp3-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-mysql-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-ooh323-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-osp-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-oss-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pgsql-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-pktccops-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-portaudio-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-radius-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-saycountpl-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-skinny-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-snmp-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-speex-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-sqlite-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-tds-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-unistim-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-imap-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"asterisk-plugins-voicemail-plain-11.8.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64asteriskssl1-11.8.1-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA flaw exists in the PJSIP channel driver when handling 'SUBSCRIBE' requests. When Asterisk receives a 'SUBSCRIBE' request for a presence Event, with no Accept headers, it will try to access an invalid pointer to that header location. A remote attacker could exploit this flaw by sending a specially crafted request to cause the program to crash.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ASTERISK_AST_2014_004.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73022", "published": "2014-03-14T00:00:00", "title": "Asterisk PJSIP Channel Driver Subscription DoS (AST-2014-004)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73022);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-2289\");\n script_bugtraq_id(66096);\n\n script_name(english:\"Asterisk PJSIP Channel Driver Subscription DoS (AST-2014-004)\");\n script_summary(english:\"Checks version in SIP banner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. \n\nA flaw exists in the PJSIP channel driver when handling 'SUBSCRIBE'\nrequests. When Asterisk receives a 'SUBSCRIBE' request for a presence\nEvent, with no Accept headers, it will try to access an invalid\npointer to that header location. A remote attacker could exploit this\nflaw by sending a specially crafted request to cause the program to\ncrash.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 12.1.0 or apply the appropriate patch listed in\nthe Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933e282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2014-004.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-23139\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 12.x < 12.1.0\n fixed = \"12.1.0\";\n\n if (\n version =~ \"^12\" &&\n (vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\") == -1) &&\n \"cert\" >!< tolower(version)\n )\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA flaw exists in the PJSIP channel driver when the 'quality_frequency' configuration is enabled on an AOR when the SIP server's challenges for authentication challenges of the 'OPTIONS' request. A remote attacker could use a specially crafted request to crash the program. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ASTERISK_AST_2014_003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73021", "published": "2014-03-14T00:00:00", "title": "Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73021);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-2288\");\n script_bugtraq_id(66104);\n\n script_name(english:\"Asterisk PJSIP Channel Driver Options DoS (AST-2014-003)\");\n script_summary(english:\"Checks version in SIP banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. \n\nA flaw exists in the PJSIP channel driver when the 'quality_frequency'\nconfiguration is enabled on an AOR when the SIP server's challenges for\nauthentication challenges of the 'OPTIONS' request. A remote attacker\ncould use a specially crafted request to crash the program. \n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 12.1.1 or apply the appropriate patch listed in\nthe Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933e282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2014-003.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-23210\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 12.x < 12.1.1\n fixed = \"12.1.1\";\n\n if (\n version =~ \"^12\" &&\n (ver_compare(ver:version, fix:fixed, app:\"asterisk\") == -1) &&\n \"cert\" >!< tolower(version)\n )\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:29:03", "bulletinFamily": "scanner", "description": "Brad Barnett found that the recent security update of Asterisk could cause immediate SIP termination due to an incomplete fix for CVE-2014-2287.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-07-09T00:00:00", "id": "DEBIAN_DLA-781.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=96459", "published": "2017-01-13T00:00:00", "title": "Debian DLA-781-2 : asterisk regression update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-781-2. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96459);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2014-2287\");\n script_bugtraq_id(66094);\n\n script_name(english:\"Debian DLA-781-2 : asterisk regression update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brad Barnett found that the recent security update of Asterisk could\ncause immediate SIP termination due to an incomplete fix for\nCVE-2014-2287.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00039.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/asterisk\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-dahdi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-mobile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-mp3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-ooh323\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-voicemail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-voicemail-imapstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:asterisk-voicemail-odbcstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"asterisk\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-config\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dahdi\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dbg\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-dev\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-doc\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mobile\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-modules\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mp3\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-mysql\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-ooh323\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-imapstorage\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"asterisk-voicemail-odbcstorage\", reference:\"1:1.8.13.1~dfsg1-3+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA denial of service flaw exists with the SIP INVITE request handling. It is possible for a remote attacker to use all available file descriptors using SIP INVITE requests. These file descriptors cannot be released without restarting Asterisk, which could allow an attacker to bypass intrusion detection systems. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ASTERISK_AST_2014_002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73020", "published": "2014-03-14T00:00:00", "title": "Asterisk SIP File Descriptor Exhaustion with chan_sip Session-Timers DoS (AST-2014-002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73020);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-2287\");\n script_bugtraq_id(66094);\n\n script_name(english:\"Asterisk SIP File Descriptor Exhaustion with chan_sip Session-Timers DoS (AST-2014-002)\");\n script_summary(english:\"Checks version in SIP banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\ndenial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. \n\nA denial of service flaw exists with the SIP INVITE request handling. \nIt is possible for a remote attacker to use all available file\ndescriptors using SIP INVITE requests. These file descriptors cannot be\nreleased without restarting Asterisk, which could allow an attacker to\nbypass intrusion detection systems. \n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.26.1 / 11.8.1 / 12.1.1 / Certified Asterisk\n1.8.15-cert5 / 11.6-cert2, or apply the appropriate patch listed in\nthe Asterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933e282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2014-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-23373\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 1.8.x < 1.8.26.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.26.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11.x < 11.8.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.8.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");;\n }\n\n # Open Source 12.x < 12.1.1\n if (version =~ \"^12([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"12.1.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");;\n }\n\n # Asterisk Certified 1.8.15-certx < 1.8.15-cert5\n if (version =~ \"^1\\.8\\.15([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert5\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.6-certx < 11.6-cert2\n if (version =~ \"^11\\.6([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.6-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_warning(port:port, proto:proto, extra:report);\n }\n else security_warning(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:20:55", "bulletinFamily": "scanner", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA stack overflow flaw exists when an HTTP request with a large number of cookie headers isn't properly validated. A remote attacker could potentially cause a denial of service if a request has an unlimited number of cookie headers in the request. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ASTERISK_AST_2014_001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73019", "published": "2014-03-14T00:00:00", "title": "Asterisk main/http.c DoS (AST-2014-001)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73019);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\"CVE-2014-2286\");\n script_bugtraq_id(66093);\n\n script_name(english:\"Asterisk main/http.c DoS (AST-2014-001)\");\n script_summary(english:\"Checks version in SIP banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A telephony application running on the remote host is affected by a\nstack overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version in its SIP banner, the version of Asterisk\nrunning on the remote host is potentially affected by a denial of\nservice vulnerability. \n\nA stack overflow flaw exists when an HTTP request with a large number of\ncookie headers isn't properly validated. A remote attacker could\npotentially cause a denial of service if a request has an unlimited\nnumber of cookie headers in the request. \n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Asterisk 1.8.26.1 / 11.8.1 / 12.1.1 / Certified Asterisk\n1.8.15-cert5 / 11.6-cert2, or apply the appropriate patch listed in the\nAsterisk advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n # https://www.asterisk.org/downloads/asterisk-news/security-release-asterisk-1815-cert5-18261-116-cert2-1181-1211-now-available\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9933e282\");\n script_set_attribute(attribute:\"see_also\", value:\"http://downloads.asterisk.org/pub/security/AST-2014-001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://issues.asterisk.org/jira/browse/ASTERISK-23340\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:digium:asterisk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"asterisk_detection.nasl\");\n script_require_keys(\"asterisk/sip_detected\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"asterisk/sip_detected\");\n\n# see if we were able to get version info from the Asterisk SIP services\nasterisk_kbs = get_kb_list(\"sip/asterisk/*/version\");\nif (isnull(asterisk_kbs)) exit(1, \"Could not obtain any version information from the Asterisk SIP instance(s).\");\n\n# Prevent potential false positives.\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nis_vuln = FALSE;\nnot_vuln_installs = make_list();\nerrors = make_list();\n\nforeach kb_name (keys(asterisk_kbs))\n{\n vulnerable = 0;\n\n matches = eregmatch(pattern:\"/(udp|tcp)/([0-9]+)/version\", string:kb_name);\n if (isnull(matches))\n {\n errors = make_list(errors, \"Unexpected error parsing port number from '\"+kb_name+\"'.\");\n continue;\n }\n\n proto = matches[1];\n port = matches[2];\n version = asterisk_kbs[kb_name];\n\n if (version == 'unknown')\n {\n errors = make_list(errors, \"Unable to obtain version of install on \" + proto + \"/\" + port + \".\");\n continue;\n }\n\n banner = get_kb_item(\"sip/asterisk/\" + proto + \"/\" + port + \"/source\");\n if (!banner)\n {\n # We have version but banner is missing; log error\n # and use in version-check though.\n errors = make_list(errors, \"KB item 'sip/asterisk/\" + proto + \"/\" + port + \"/source' is missing.\");\n banner = 'unknown';\n }\n\n # Open Source 1.8.x < 1.8.26.1\n if (version =~ \"^1\\.8([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"1.8.26.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Open Source 11.x < 11.8.1\n if (version =~ \"^11([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"11.8.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");;\n }\n\n # Open Source 12.x < 12.1.1\n if (version =~ \"^12([^0-9]|$)\" && \"cert\" >!< tolower(version))\n {\n fixed = \"12.1.1\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");;\n }\n\n # Asterisk Certified 1.8.x-certx < 1.8.15-cert5\n if (version =~ \"^1\\.8([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"1.8.15-cert5\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n # Asterisk Certified 11.x-certx < 11.6-cert2\n if (version =~ \"^11([^0-9])\" && \"cert\" >< tolower(version))\n {\n fixed = \"11.6-cert2\";\n vulnerable = ver_compare(ver:version, fix:fixed, app:\"asterisk\");\n }\n\n if (vulnerable < 0)\n {\n is_vuln = TRUE;\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + banner +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed + '\\n';\n security_hole(port:port, proto:proto, extra:report);\n }\n else security_hole(port:port, proto:proto);\n }\n else not_vuln_installs = make_list(not_vuln_installs, version + \" on port \" + proto + \"/\" + port);\n}\n\nif (max_index(errors))\n{\n if (max_index(errors) == 1) errmsg = errors[0];\n else errmsg = 'Errors were encountered verifying installs : \\n ' + join(errors, sep:'\\n ');\n\n exit(1, errmsg);\n}\nelse\n{\n installs = max_index(not_vuln_installs);\n if (installs == 0)\n {\n if (is_vuln)\n exit(0);\n else\n audit(AUDIT_NOT_INST, \"Asterisk\");\n }\n else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, \"Asterisk \" + not_vuln_installs[0]);\n else exit(0, \"The Asterisk installs (\" + join(not_vuln_installs, sep:\", \") + \") are not affected.\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk 11.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.8.1\"\n \n\nAll Asterisk 1.8.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.26.1\"", "modified": "2014-05-03T00:00:00", "published": "2014-05-03T00:00:00", "id": "GLSA-201405-05", "href": "https://security.gentoo.org/glsa/201405-05", "type": "gentoo", "title": "Asterisk: Denial of Service", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2016-09-03T20:12:56", "bulletinFamily": "NVD", "description": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.", "modified": "2014-04-21T13:37:29", "published": "2014-04-18T18:14:38", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2287", "id": "CVE-2014-2287", "title": "CVE-2014-2287", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T20:12:59", "bulletinFamily": "NVD", "description": "res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.", "modified": "2014-04-21T13:50:19", "published": "2014-04-18T18:14:38", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2289", "id": "CVE-2014-2289", "title": "CVE-2014-2289", "type": "cve", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T20:12:57", "bulletinFamily": "NVD", "description": "The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency \"is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request,\" allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.", "modified": "2014-04-21T13:50:16", "published": "2014-04-18T18:14:38", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2288", "id": "CVE-2014-2288", "title": "CVE-2014-2288", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T20:12:55", "bulletinFamily": "NVD", "description": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.", "modified": "2014-04-21T13:20:45", "published": "2014-04-18T18:14:37", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2286", "id": "CVE-2014-2286", "title": "CVE-2014-2286", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:51", "bulletinFamily": "unix", "description": "\nThe Asterisk project reports:\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP\n\t request that is handled by Asterisk with a large number of Cookie\n\t headers could overflow the stack. You could even exhaust memory if you\n\t sent an unlimited number of headers in the request.\nDenial of Service Through File Descriptor Exhaustion with chan_sip\n\t Session-Timers. An attacker can use all available file descriptors\n\t using SIP INVITE requests. Asterisk will respond with code 400, 420,\n\t or 422 for INVITEs meeting this criteria.\n\t Each INVITE meeting these conditions will leak a channel and several\n\t file descriptors. The file descriptors cannot be released without\n\t restarting Asterisk which may allow intrusion detection systems to be\n\t bypassed by sending the requests slowly.\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\n\t exploitable crash vulnerability exists in the PJSIP channel driver if\n\t the \"qualify_frequency\" configuration option is enabled on an AOR and\n\t the remote SIP server challenges for authentication of the resulting\n\t OPTIONS request. The response handling code wrongly assumes that a\n\t PJSIP endpoint will always be associated with an outgoing request which\n\t is incorrect.\n\n", "modified": "2014-03-10T00:00:00", "published": "2014-03-10T00:00:00", "id": "03159886-A8A3-11E3-8F36-0025905A4771", "href": "https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html", "title": "asterisk -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2014-004\r\n\r\n Product Asterisk \r\n Summary Remote Crash Vulnerability in PJSIP Channel Driver \r\n Subscription Handling \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Authenticated Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On January 14th, 2014 \r\n Reported By Mark Michelson \r\n Posted On March 10, 2014 \r\n Last Updated On March 10, 2014 \r\n Advisory Contact Matt Jordan <mjordan AT digium DOT com> \r\n CVE Name CVE-2014-2289 \r\n\r\n Description A remotely exploitable crash vulnerability exists in the \r\n PJSIP channel driver's handling of SUBSCRIBE requests. If a \r\n SUBSCRIBE request is received for the presence Event, and \r\n that request has no Accept headers, Asterisk will attempt \r\n to access an invalid pointer to the header location. \r\n \r\n Note that this issue was fixed during a re-architecture of \r\n the res_pjsip_pubsub module in Asterisk 12.1.0. As such, \r\n this issue has already been resolved in a released version \r\n of Asterisk. This notification is being released for users \r\n of Asterisk 12.0.0. \r\n\r\n Resolution Upgrade to Asterisk 12.1.0, or apply the patch noted below \r\n to Asterisk 12.0.0. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 12.x 12.0.0 \r\n\r\n Corrected In \r\n Product Release \r\n Asterisk Open Source 12.1.0 \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff Asterisk \r\n 12 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-23139 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2014-004.pdf and \r\n http://downloads.digium.com/pub/security/AST-2014-004.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 03/05/14 Matt Jordan Initial Revision \r\n\r\n Asterisk Project Security Advisory - AST-2014-004\r\n Copyright (c) 2014 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30356", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30356", "title": "AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling", "type": "securityvulns", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2014-003\r\n\r\n Product Asterisk \r\n Summary Remote Crash Vulnerability in PJSIP channel driver \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On January 29, 2014 \r\n Reported By Joshua Colp <jcolp AT digium DOT com> \r\n Posted On March 10, 2014 \r\n Last Updated On March 10, 2014 \r\n Advisory Contact Joshua Colp <jcolp AT digium DOT com> \r\n CVE Name CVE-2014-2288 \r\n\r\n Description A remotely exploitable crash vulnerability exists in the \r\n PJSIP channel driver if the "qualify_frequency" \r\n configuration option is enabled on an AOR and the remote \r\n SIP server challenges for authentication of the resulting \r\n OPTIONS request. The response handling code wrongly assumes \r\n that a PJSIP endpoint will always be associated with an \r\n outgoing request which is incorrect. \r\n\r\n Resolution This patch adds a check when handling responses challenging \r\n for authentication. If no endpoint is associated with the \r\n request no retry with authentication will occur. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 12.x All \r\n\r\n Corrected In \r\n Product Release \r\n Asterisk Open Source 12.x 12.1.1 \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff Asterisk \r\n 12 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-23210 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2014-003.pdf and \r\n http://downloads.digium.com/pub/security/AST-2014-003.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 03/05/14 Joshua Colp Document Creation \r\n\r\n Asterisk Project Security Advisory - AST-2014-003\r\n Copyright (c) 2014 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30355", "title": "AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2014-001\r\n\r\n Product Asterisk \r\n Summary Stack Overflow in HTTP Processing of Cookie Headers. \r\n Nature of Advisory Denial Of Service \r\n Susceptibility Remote Unauthenticated Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On February 21, 2014 \r\n Reported By Lucas Molas, researcher at Programa STIC, Fundacion \r\n \r\n Dr. Manuel Sadosky, Buenos Aires, Argentina \r\n Posted On March 10, 2014 \r\n Last Updated On March 10, 2014 \r\n Advisory Contact Richard Mudgett <rmudgett AT digium DOT com> \r\n CVE Name CVE-2014-2286 \r\n\r\n Description Sending a HTTP request that is handled by Asterisk with a \r\n large number of Cookie headers could overflow the stack. \r\n You could even exhaust memory if you sent an unlimited \r\n number of headers in the request. \r\n\r\n Resolution The patched versions now handle headers in a fashion that \r\n prevents a stack overflow. Users should upgrade to a \r\n corrected version, apply the released patches, or disable \r\n HTTP support. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x All versions \r\n Asterisk Open Source 11.x All versions \r\n Asterisk Open Source 12.x All versions \r\n Certified Asterisk 1.8.x All versions \r\n Certified Asterisk 11.x All versions \r\n\r\n Corrected In\r\n Product Release \r\n Asterisk Open Source 1.8.26.1, 11.8.1, 12.1.1 \r\n Certified Asterisk 1.8.15-cert5, 11.6-cert2 \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff Asterisk \r\n 1.8 \r\n http://downloads.asterisk.org/pub/security/AST-2014-001-11.diff Asterisk \r\n 11 \r\n http://downloads.asterisk.org/pub/security/AST-2014-001-12.diff Asterisk \r\n 12 \r\n http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.15.diff Certified \r\n Asterisk \r\n 1.8.15 \r\n http://downloads.asterisk.org/pub/security/AST-2014-001-11.6.diff Certified \r\n Asterisk \r\n 11.6 \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-23340 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2014-001.pdf and \r\n http://downloads.digium.com/pub/security/AST-2014-001.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 03/10/14 Richard Mudgett Initial Revision. \r\n\r\n Asterisk Project Security Advisory - AST-2014-001\r\n Copyright (c) 2014 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30353", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30353", "title": "AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "description": "\r\n\r\n Asterisk Project Security Advisory - AST-2014-002\r\n\r\n Product Asterisk \r\n Summary Denial of Service Through File Descriptor Exhaustion \r\n with chan_sip Session-Timers \r\n Nature of Advisory Denial of Service \r\n Susceptibility Remote Authenticated or Anonymous Sessions \r\n Severity Moderate \r\n Exploits Known No \r\n Reported On 2014/02/25 \r\n Reported By Corey Farrell \r\n Posted On March 10, 2014 \r\n Last Updated On March 10, 2014 \r\n Advisory Contact Kinsey Moore <kmoore AT digium DOT com> \r\n CVE Name CVE-2014-2287 \r\n\r\n Description An attacker can use all available file descriptors using \r\n SIP INVITE requests. \r\n \r\n Knowledge required to achieve the attack: \r\n \r\n * Valid account credentials or anonymous dial in \r\n \r\n * A valid extension that can be dialed from the SIP account \r\n \r\n Trigger conditions: \r\n \r\n * chan_sip configured with "session-timers" set to \r\n "originate" or "accept" \r\n \r\n ** The INVITE request must contain either a Session-Expires \r\n or a Min-SE header with malformed values or values \r\n disallowed by the system's configuration. \r\n \r\n * chan_sip configured with "session-timers" set to "refuse" \r\n \r\n ** The INVITE request must offer "timer" in the "Supported" \r\n header \r\n \r\n Asterisk will respond with code 400, 420, or 422 for \r\n INVITEs meeting this criteria. Each INVITE meeting these \r\n conditions will leak a channel and several file \r\n descriptors. The file descriptors cannot be released \r\n without restarting Asterisk which may allow intrusion \r\n detection systems to be bypassed by sending the requests \r\n slowly. \r\n\r\n Resolution Upgrade to a version with the patch integrated or apply the \r\n appropriate patch. \r\n\r\n Affected Versions\r\n Product Release Series \r\n Asterisk Open Source 1.8.x All \r\n Asterisk Open Source 11.x All \r\n Asterisk Open Source 12.x All \r\n Certified Asterisk 1.8.15 All \r\n Certified Asterisk 11.6 All \r\n\r\n Corrected In \r\n Product Release \r\n Asterisk Open Source 1.8.x 1.8.26.1 \r\n Asterisk Open Source 11.x 11.8.1 \r\n Asterisk Open Source 12.x 12.1.1 \r\n Certified Asterisk 1.8.15 1.8.15-cert5 \r\n Certified Asterisk 11.6 11.6-cert2 \r\n\r\n Patches \r\n SVN URL Revision \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff Asterisk \r\n 1.8 \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-11.diff Asterisk \r\n 11 \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-12.diff Asterisk \r\n 12 \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-11.6.diff Asterisk \r\n 11.6 \r\n Certified \r\n http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.15.diff Asterisk \r\n 1.8.15 \r\n Certified \r\n\r\n Links https://issues.asterisk.org/jira/browse/ASTERISK-23373 \r\n\r\n Asterisk Project Security Advisories are posted at \r\n http://www.asterisk.org/security \r\n \r\n This document may be superseded by later versions; if so, the latest \r\n version will be posted at \r\n http://downloads.digium.com/pub/security/AST-2014-002.pdf and \r\n http://downloads.digium.com/pub/security/AST-2014-002.html \r\n\r\n Revision History\r\n Date Editor Revisions Made \r\n 2014/03/04 Kinsey Moore Document Creation \r\n 2014/03/06 Kinsey Moore Corrections and Wording Clarification \r\n 2014/03/10 Kinsey Moore Added missing patch links \r\n\r\n Asterisk Project Security Advisory - AST-2014-002\r\n Copyright (c) 2014 Digium, Inc. All Rights Reserved.\r\n Permission is hereby granted to distribute and publish this advisory in its\r\n original, unaltered form.\r\n", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "SECURITYVULNS:DOC:30354", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30354", "title": "AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers", "type": "securityvulns", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:47", "bulletinFamily": "unix", "description": "Package : asterisk\nVersion : 1:1.8.13.1~dfsg1-3+deb7u6\nCVE ID : CVE-2014-2287\n\nBrad Barnett found that the recent security update of Asterisk could\ncause immediate SIP termination due to an incomplete fix for\nCVE-2014-2287.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-01-27T12:19:38", "published": "2017-01-27T12:19:38", "id": "DEBIAN:DLA-781-2:535E8", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00039.html", "title": "[SECURITY] [DLA 781-2] asterisk regression update", "type": "debian", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:48:46", "bulletinFamily": "unix", "description": "Package : asterisk\nVersion : 1:1.8.13.1~dfsg1-3+deb7u5\nCVE ID : CVE-2014-2287 CVE-2016-7551\nDebian Bug : 838832 741313\n\nTwo security vulnerabilities were discovered in Asterisk, an Open\nSource PBX and telephony toolkit.\n\nCVE-2014-2287\n\n channels/chan_sip.c in Asterisk when chan_sip has a certain\n configuration, allows remote authenticated users to cause a denial\n of service (channel and file descriptor consumption) via an INVITE\n request with a (1) Session-Expires or (2) Min-SE header with a\n malformed or invalid value.\n\nCVE-2016-7551\n\n The overlap dialing feature in chan_sip allows chan_sip to report\n to a device that the number that has been dialed is incomplete and\n more digits are required. If this functionality is used with a\n device that has performed username/password authentication RTP\n resources are leaked. This occurs because the code fails to release\n the old RTP resources before allocating new ones in this scenario.\n If all resources are used then RTP port exhaustion will occur and\n no RTP sessions are able to be set up.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:1.8.13.1~dfsg1-3+deb7u5.\n\nWe recommend that you upgrade your asterisk packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-01-13T00:32:46", "published": "2017-01-13T00:32:46", "id": "DEBIAN:DLA-781-1:85351", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00013.html", "title": "[SECURITY] [DLA 781-1] asterisk security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:48", "bulletinFamily": "unix", "description": "Package : asterisk\nVersion : 1:1.8.13.1~dfsg1-3+deb7u4\nCVE ID : CVE-2014-2286 CVE-2014-4046 CVE-2014-6610 CVE-2014-8412\n CVE-2014-8418 CVE-2015-3008\nDebian Bug : 741313 762164 771463 782411\n\n\nCVE-2014-6610\n Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1\n and Certified Asterisk 11.6 before 11.6-cert6, when using the\n res_fax_spandsp module, allows remote authenticated users to\n cause a denial of service (crash) via an out of call message,\n which is not properly handled in the ReceiveFax dialplan\n application.\n\nCVE-2014-4046\n Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1\n and Certified Asterisk 11.6 before 11.6-cert3 allows remote\n authenticated Manager users to execute arbitrary shell commands\n via a MixMonitor action.\n\nCVE-2014-2286\n main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x\n before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk\n 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote\n attackers to cause a denial of service (stack consumption) and\n possibly execute arbitrary code via an HTTP request with a large\n number of Cookie headers.\n\nCVE-2014-8412\n The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager\n Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1,\n 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1\n and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before\n 11.6-cert8 allows remote attackers to bypass the ACL restrictions\n via a packet with a source IP that does not share the address family\n as the first ACL entry.\n\nCVE-2014-8418\n The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32,\n 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and\n Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8\n allows remote authenticated users to gain privileges via a call from\n an external protocol, as demonstrated by the AMI protocol.\n\nCVE-2015-3008\n Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x\n before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28\n before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before\n 13.1-cert2, when registering a SIP TLS device, does not properly\n handle a null byte in a domain name in the subject's Common Name (CN)\n field of an X.509 certificate, which allows man-in-the-middle attackers\n to spoof arbitrary SSL servers via a crafted certificate issued by a\n legitimate Certification Authority.\n", "modified": "2016-05-03T20:35:22", "published": "2016-05-03T20:35:22", "id": "DEBIAN:DLA-455-1:8DCEA", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00005.html", "title": "[SECURITY] [DLA 455-1] asterisk security update", "type": "debian", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:31:11", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-2286\r\n\r\nAsterisk\u662f\u4e00\u6b3e\u5b9e\u73b0\u7535\u8bdd\u7528\u6237\u4ea4\u6362\u673a\uff08PBX\uff09\u529f\u80fd\u7684\u81ea\u7531\u8f6f\u4ef6\u3001\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nAsterisk\u5728\u5904\u7406\u5305\u542b\u5927\u91cf\u8d85\u5927cookie\u5934\u7684\u8bf7\u6c42\u65f6\u5b58\u5728\u4e00\u4e2a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u6076\u610f\u8bf7\u6c42\u89e6\u53d1\u57fa\u4e8e\u6808\u7684\u6ea2\u51fa\uff0c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\n0\nAsterisk Open Source 1.8.26.0\r\nAsterisk Open Source 11.8.0\r\nAsterisk Open Source 12.1.0\r\nCertified Asterisk 1.8.15-cert4\r\nCertified Asterisk 11.6-cert1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAsterisk\r\n-----\r\nAsterisk Open Source 1.8.26.1, 11.8.1, 12.1.1\u548cCertified Asterisk1.8.15-cert4\uff0c11.6-cert1\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.asterisk.org/", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61785", "id": "SSV:61785", "title": "Asterisk\u7279\u5236HTTP Cookie\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:31:02", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2014-2287\r\n\r\nAsterisk\u662f\u4e00\u6b3e\u5b9e\u73b0\u7535\u8bdd\u7528\u6237\u4ea4\u6362\u673a\uff08PBX\uff09\u529f\u80fd\u7684\u81ea\u7531\u8f6f\u4ef6\u3001\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nAsterisk\u5904\u7406\u7279\u5236\u7684SIP INVITE\u8bf7\u6c42\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u7531\u4e8e\u6ca1\u6709\u6b63\u786e\u91ca\u653e\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u6076\u610f\u8bf7\u6c42\u6d88\u8017\u5b8c\u6240\u6709\u53ef\u7528\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\n0\nAsterisk Open Source 1.8.26.0\r\nAsterisk Open Source 11.8.0\r\nAsterisk Open Source 12.1.0\r\nCertified Asterisk 1.8.15-cert4\r\nCertified Asterisk 11.6-cert1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAsterisk\r\n-----\r\nAsterisk Open Source 1.8.26.1, 11.8.1, 12.1.1\u548cCertified Asterisk1.8.15-cert4\uff0c11.6-cert1\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.asterisk.org/", "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61784", "id": "SSV:61784", "title": "Asterisk SIP INVITE\u8bf7\u6c42\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}]}
