Executive Summary

Summary
Title : asterisk security update
Information
Name : DSA-2460
First vendor Publication : 2012-04-25
Vendor : Debian
Last vendor Modification : 2012-04-25
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score : 6.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 8
Authentication : Requires single instance

Detail

Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit:

CVE-2012-1183

Russell Bryant discovered a buffer overflow in the Milliwatt application.

CVE-2012-2414

David Woolley discovered a privilege escalation in the Asterisk manager interface.

CVE-2012-2415

Russell Bryant discovered a buffer overflow in the Skinny driver.

For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze5.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your asterisk packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2460

CWE : Common Weakness Enumeration

Id : Name
CWE-119 : Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-287 : Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Application153
Application349

OpenVAS Exploits

Date Description
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-4230
File : nvt/gb_fedora_2012_4230_asterisk_fc17.nasl
2012-08-30 Name : Fedora Update for asterisk FEDORA-2012-6704
File : nvt/gb_fedora_2012_6704_asterisk_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-05 (Asterisk)
File : nvt/glsa_201206_05.nasl
2012-05-08 Name : Fedora Update for asterisk FEDORA-2012-6724
File : nvt/gb_fedora_2012_6724_asterisk_fc15.nasl
2012-05-04 Name : Fedora Update for asterisk FEDORA-2012-6612
File : nvt/gb_fedora_2012_6612_asterisk_fc16.nasl
2012-04-30 Name : FreeBSD Ports: asterisk16
File : nvt/freebsd_asterisk160.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201203-21 (Asterisk)
File : nvt/glsa_201203_21.nasl
2012-04-30 Name : Debian Security Advisory DSA 2460-1 (asterisk)
File : nvt/deb_2460_1.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2012-4259
File : nvt/gb_fedora_2012_4259_asterisk_fc15.nasl
2012-04-02 Name : Fedora Update for asterisk FEDORA-2012-4318
File : nvt/gb_fedora_2012_4318_asterisk_fc16.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk SCCP keypad button message denial of service attempt
RuleID : 24720 - Revision : 2 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk SCCP call state message offhook
RuleID : 24719 - Revision : 3 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk Manager command shell execution attempt
RuleID : 23210 - Revision : 5 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk Manager command shell execution attempt
RuleID : 23209 - Revision : 5 - Type : PROTOCOL-VOIP

Nessus® Vulnerability Scanner

Date Description
2012-06-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-21.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-05.nasl - Type : ACT_GATHER_INFO
2012-05-07 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6704.nasl - Type : ACT_GATHER_INFO
2012-05-07 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6724.nasl - Type : ACT_GATHER_INFO
2012-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6612.nasl - Type : ACT_GATHER_INFO
2012-04-27 Name : The version of Asterisk installed on the remote host may be affected by a pri...
File : asterisk_ast_2012_004.nasl - Type : ACT_GATHER_INFO
2012-04-27 Name : The version of Asterisk installed on the remote host may be affected by a hea...
File : asterisk_ast_2012_005.nasl - Type : ACT_GATHER_INFO
2012-04-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2460.nasl - Type : ACT_GATHER_INFO
2012-04-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1c5abbe28d7f11e1a37414dae9ebcf89.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4230.nasl - Type : ACT_GATHER_INFO
2012-04-02 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4259.nasl - Type : ACT_GATHER_INFO
2012-04-02 Name : The remote Fedora host is missing a security update.
File : fedora_2012-4318.nasl - Type : ACT_GATHER_INFO
2012-03-22 Name : The version of Asterisk installed on the remote host may be affected by a den...
File : asterisk_ast_2012_002.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:31:02 Multiple Updates