Executive Summary
Summary | |
---|---|
Title | New Asterisk packages fix arbitrary code execution |
Information | |||
---|---|---|---|
Name | DSA-1229 | First vendor Publication | 2006-12-06 |
Vendor | Debian | Last vendor Modification | 2006-12-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 1.0.7.dfsg.1-2sarge4.

For the unstable distribution (sid) this problem has been fixed in version 1.2.13~dfsg-1.

We recommend that you upgrade your asterisk packages.
Original Source
Url : http://www.debian.org/security/2006/dsa-1229 |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-15 (asterisk) File : nvt/glsa_200610_15.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1229-1 (asterisk) File : nvt/deb_1229_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29972 | Asterisk Skinny Channel Driver (chan_skinny) get_input Function Remote Overflow: A remote overflow exists in Asterisk. The function get_input in chan_skinny.c fails to check integer values resulting in a heap overflow. With a specially crafted request, an attacker can cause the service to terminate or possibly execute arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Digium Asterisk data length field overflow attempt RuleID : 20670 - Revision : 7 - Type : PROTOCOL-VOIP |
2014-01-10 | Digium Asterisk data length field overflow attempt RuleID : 12359 - Revision : 11 - Type : PROTOCOL-VOIP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_asterisk-2272.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_069.nasl - Type : ACT_GATHER_INFO |
2006-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1229.nasl - Type : ACT_GATHER_INFO |
2006-10-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-15.nasl - Type : ACT_GATHER_INFO |
2006-10-19 | Name : A telephony application running on the remote host is affected by a heap over... File : asterisk_chan_skinny_dlen_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:24 | |