9 - GLSA-201110-21

Executive Summary

Summary
Title	Asterisk: Multiple vulnerabilities

Informations
Name	GLSA-201110-21	First vendor Publication	2011-10-24
Vendor	Gentoo	Last vendor Modification	2011-10-24
Severity (Vendor)	High	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score	9	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	8	Authentication	Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities in Asterisk might allow unauthenticated remote attackers to execute arbitrary code.

Background

Asterisk is an open source telephony engine and toolkit.

Description

Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details.

Impact

An unauthenticated remote attacker may execute code with the privileges of the Asterisk process or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All asterisk 1.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.6.2.18.2"

All asterisk 1.8.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.7.1"

References

[ 1 ] CVE-2011-1147 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1147
[ 2 ] CVE-2011-1174 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1174
[ 3 ] CVE-2011-1175 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1175
[ 4 ] CVE-2011-1507 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1507
[ 5 ] CVE-2011-1599 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1599
[ 6 ] CVE-2011-2529 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2529
[ 7 ] CVE-2011-2535 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2535
[ 8 ] CVE-2011-2536 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2536
[ 9 ] CVE-2011-2665 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2665
[ 10 ] CVE-2011-2666 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2666
[ 11 ] CVE-2011-4063 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4063

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-21.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201110-21.xml

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-20	Improper Input Validation
22 %	CWE-399	Resource Management Errors
22 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
11 %	CWE-200	Information Exposure
11 %	CWE-16	Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12914

Oval ID:	oval:org.mitre.oval:def:12914
Title:	DSA-2225-1 asterisk -- several
Description:	Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit. CVE-2011-1147 Matthew Nicholson discovered that incorrect handling of UDPTL packets may lead to denial of service of the execution of arbitrary code. CVE-2011-1174 Blake Cornell discovered that incorrect connection handling in the manager interface may lead to denial of service. CVE-2011-1175 Blake Cornell and Chris May discovered that incorrect TCP connection handling may lead to denial of service. CVE-2011-1507 Tzafrir Cohen discovered that insufficient limitation of connection requests in several TCP based services may lead to denial of service. CVE-2011-1599 Matthew Nicholson discovered a privilege escalation vulnerability in the manager interface.
Family:	unix	Class:	patch
Reference(s):	DSA-2225-1 CVE-2011-1147 CVE-2011-1174 CVE-2011-1175 CVE-2011-1507 CVE-2011-1599	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	asterisk
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND asterisk DPKG is earlier than 1:1.4.21.2~dfsg-3+lenny2.1 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND asterisk DPKG is earlier than 1:1.6.2.9-2+squeeze2

Definition Id: oval:org.mitre.oval:def:12933

Oval ID:	oval:org.mitre.oval:def:12933
Title:	DSA-2276-2 asterisk -- multiple denial of service
Description:	DSA 2276-1 for Asterisk in the oldstable distribution introduced a functionality bug which invokes an undefined symbol.
Family:	unix	Class:	patch
Reference(s):	DSA-2276-2 CVE-2011-2529 CVE-2011-2535	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	asterisk
Definition Synopsis:
Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND asterisk DPKG is earlier than 1.4.21.2~dfsg-3+lenny5

Definition Id: oval:org.mitre.oval:def:13073

Oval ID:	oval:org.mitre.oval:def:13073
Title:	DSA-2276-1 asterisk -- multiple denial of service
Description:	Paul Belanger reported a vulnerability in Asterisk identified as AST-2011-008 through which an unauthenticated attacker may crash an Asterisk server remotely. A package containing a null char causes the SIP header parser to alter unrelated memory structures. Jared Mauch reported a vulnerability in Asterisk identified as AST-2011-009 through which an unauthenticated attacker may crash an Asterisk server remotely. If a user sends a package with a Contact header with a missing left angle bracket the server will crash. A possible workaround is to disable chan_sip. The vulnerability identified as AST-2011-010 reported about an input validation error in the IAX2 channel driver. An unauthenticated attacker may crash an Asterisk server remotely by sending a crafted option control frame.
Family:	unix	Class:	patch
Reference(s):	DSA-2276-1 CVE-2011-2529 CVE-2011-2535	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	asterisk
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND asterisk DPKG is earlier than 1.4.21.2~dfsg-3+lenny3 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND asterisk DPKG is earlier than 1.6.2.9-2+squeeze3

Definition Id: oval:org.mitre.oval:def:18445

Oval ID:	oval:org.mitre.oval:def:18445
Title:	DSA-2493-1 asterisk - denial of service
Description:	Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit.
Family:	unix	Class:	patch
Reference(s):	DSA-2493-1 CVE-2012-2947 CVE-2012-2948 CVE-2011-2666	Version:	5
Platform(s):	Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	asterisk
Definition Synopsis:
Debian 6.0 is installed GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND asterisk DPKG is earlier than 1:1.6.2.9-2+squeeze6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Asterisk Open Source cpe:2.3:a:asterisk:open_source:10.0.0:::::::* cpe:2.3:a:asterisk:open_source:1.8.7:::::::*	2
Application	Digium Asterisk cpe:2.3:a:digium:asterisk:1.8.4.3:::::::* cpe:2.3:a:digium:asterisk:1.8.4.2:::::::* cpe:2.3:a:digium:asterisk:1.8.4.1:::::::* cpe:2.3:a:digium:asterisk:1.8.4:::::::* cpe:2.3:a:digium:asterisk:1.8.4:rc1:::::: cpe:2.3:a:digium:asterisk:1.8.4:rc2:::::: cpe:2.3:a:digium:asterisk:1.8.4:rc3:::::: cpe:2.3:a:digium:asterisk:1.8.3.3:::::::* cpe:2.3:a:digium:asterisk:1.8.3.2:::::::* cpe:2.3:a:digium:asterisk:1.8.3.1:::::::* cpe:2.3:a:digium:asterisk:1.8.3:rc1:::::: cpe:2.3:a:digium:asterisk:1.8.3:rc2:::::: cpe:2.3:a:digium:asterisk:1.8.3:rc3:::::: cpe:2.3:a:digium:asterisk:1.8.3:::::::* cpe:2.3:a:digium:asterisk:1.8.2.4:::::::* cpe:2.3:a:digium:asterisk:1.8.2.3:::::::* cpe:2.3:a:digium:asterisk:1.8.2.2:::::::* cpe:2.3:a:digium:asterisk:1.8.2.1:::::::* cpe:2.3:a:digium:asterisk:1.8.2:::::::* cpe:2.3:a:digium:asterisk:1.8.1.2:::::::* cpe:2.3:a:digium:asterisk:1.8.1.1:::::::* cpe:2.3:a:digium:asterisk:1.8.1:::::::* cpe:2.3:a:digium:asterisk:1.8.1:rc1:::::: cpe:2.3:a:digium:asterisk:1.8.0:beta2:::::: cpe:2.3:a:digium:asterisk:1.8.0:beta3:::::: cpe:2.3:a:digium:asterisk:1.8.0:::::::* cpe:2.3:a:digium:asterisk:1.8.0:beta1:::::: cpe:2.3:a:digium:asterisk:1.8.0:rc4:::::: cpe:2.3:a:digium:asterisk:1.8.0:rc5:::::: cpe:2.3:a:digium:asterisk:1.8.0:rc2:::::: cpe:2.3:a:digium:asterisk:1.8.0:rc3:::::: cpe:2.3:a:digium:asterisk:1.8.0:beta4:::::: cpe:2.3:a:digium:asterisk:1.8.0:beta5:::::: cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.2.6:::::::* cpe:2.3:a:digium:asterisk:1.6.2.5:::::::* cpe:2.3:a:digium:asterisk:1.6.2.4:::::::* cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.2.2:::::::* cpe:2.3:a:digium:asterisk:1.6.2.18.2:::::::* cpe:2.3:a:digium:asterisk:1.6.2.18.1:::::::* cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.2.18:::::::* cpe:2.3:a:digium:asterisk:1.6.2.17.3:::::::* cpe:2.3:a:digium:asterisk:1.6.2.17.2:::::::* cpe:2.3:a:digium:asterisk:1.6.2.17.1:::::::* cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:::::: cpe:2.3:a:digium:asterisk:1.6.2.17:::::::* cpe:2.3:a:digium:asterisk:1.6.2.16.2:::::::* cpe:2.3:a:digium:asterisk:1.6.2.16.1:::::::* cpe:2.3:a:digium:asterisk:1.6.2.16:::::::* cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.2.1:::::::* cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:::::: cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:::::: cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:::::: cpe:2.3:a:digium:asterisk:1.6.2.0:::::::* cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:::::: cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:::::: cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:::::: cpe:2.3:a:digium:asterisk:1.6.1.9:::::::* cpe:2.3:a:digium:asterisk:1.6.1.8:::::::* cpe:2.3:a:digium:asterisk:1.6.1.7:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.7:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.6:::::::* cpe:2.3:a:digium:asterisk:1.6.1.5:::::::* cpe:2.3:a:digium:asterisk:1.6.1.5:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.4:::::::* cpe:2.3:a:digium:asterisk:1.6.1.3:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.24:::::::* cpe:2.3:a:digium:asterisk:1.6.1.23:::::::* cpe:2.3:a:digium:asterisk:1.6.1.22:::::::* cpe:2.3:a:digium:asterisk:1.6.1.21:::::::* cpe:2.3:a:digium:asterisk:1.6.1.20:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.20:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.20:::::::* cpe:2.3:a:digium:asterisk:1.6.1.2:::::::* cpe:2.3:a:digium:asterisk:1.6.1.19:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.19:rc3:::::: cpe:2.3:a:digium:asterisk:1.6.1.19:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.19:::::::* cpe:2.3:a:digium:asterisk:1.6.1.18:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.18:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.18:::::::* cpe:2.3:a:digium:asterisk:1.6.1.17:::::::* cpe:2.3:a:digium:asterisk:1.6.1.16:::::::* cpe:2.3:a:digium:asterisk:1.6.1.15:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.14:::::::* cpe:2.3:a:digium:asterisk:1.6.1.13:::::::* cpe:2.3:a:digium:asterisk:1.6.1.13:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.12:::::::* cpe:2.3:a:digium:asterisk:1.6.1.12:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.11:::::::* cpe:2.3:a:digium:asterisk:1.6.1.10:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1.10:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.10:rc3:::::: cpe:2.3:a:digium:asterisk:1.6.1.10:::::::* cpe:2.3:a:digium:asterisk:1.6.1.1:::::::* cpe:2.3:a:digium:asterisk:1.6.1.0:rc5:::::: cpe:2.3:a:digium:asterisk:1.6.1.0:::::::* cpe:2.3:a:digium:asterisk:1.6.1.0:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.1.0:rc3:::::: cpe:2.3:a:digium:asterisk:1.6.1.0:rc4:::::: cpe:2.3:a:digium:asterisk:1.6.1:beta4:::::: cpe:2.3:a:digium:asterisk:1.6.1:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.1:::::::* cpe:2.3:a:digium:asterisk:1.6.1:beta1:::::: cpe:2.3:a:digium:asterisk:1.6.1:beta2:::::: cpe:2.3:a:digium:asterisk:1.6.1:beta3:::::: cpe:2.3:a:digium:asterisk:1.6.0.9:::::::* cpe:2.3:a:digium:asterisk:1.6.0.8:::::::* cpe:2.3:a:digium:asterisk:1.6.0.7:::::::* cpe:2.3:a:digium:asterisk:1.6.0.6:::::::* cpe:2.3:a:digium:asterisk:1.6.0.5:::::::* cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.3:::::::* cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.26:::::::* cpe:2.3:a:digium:asterisk:1.6.0.25:::::::* cpe:2.3:a:digium:asterisk:1.6.0.24:::::::* cpe:2.3:a:digium:asterisk:1.6.0.23:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.0.22:::::::* cpe:2.3:a:digium:asterisk:1.6.0.21:::::::* cpe:2.3:a:digium:asterisk:1.6.0.21:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.20:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.2:::::::* cpe:2.3:a:digium:asterisk:1.6.0.19:::::::* cpe:2.3:a:digium:asterisk:1.6.0.18:::::::* cpe:2.3:a:digium:asterisk:1.6.0.18:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.18:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.0.18:rc3:::::: cpe:2.3:a:digium:asterisk:1.6.0.17:::::::* cpe:2.3:a:digium:asterisk:1.6.0.16:::::::* cpe:2.3:a:digium:asterisk:1.6.0.16:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.16:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.0.15:::::::* cpe:2.3:a:digium:asterisk:1.6.0.14:::::::* cpe:2.3:a:digium:asterisk:1.6.0.14:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.13:::::::* cpe:2.3:a:digium:asterisk:1.6.0.12:::::::* cpe:2.3:a:digium:asterisk:1.6.0.11:rc1:::::: cpe:2.3:a:digium:asterisk:1.6.0.11:rc2:::::: cpe:2.3:a:digium:asterisk:1.6.0.11:::::::* cpe:2.3:a:digium:asterisk:1.6.0.10:::::::* cpe:2.3:a:digium:asterisk:1.6.0.1:::::::* cpe:2.3:a:digium:asterisk:1.6.0:::::::* cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta8:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta3:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta4:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta5:::::: cpe:2.3:a:digium:asterisk:1.6.0:rc5:::::: cpe:2.3:a:digium:asterisk:1.6.0:rc6:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta1:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta2:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta9:::::: cpe:2.3:a:digium:asterisk:1.6.0:rc4:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta6:::::: cpe:2.3:a:digium:asterisk:1.6.0:beta7:::::: cpe:2.3:a:digium:asterisk:1.4.9:::::::* cpe:2.3:a:digium:asterisk:1.4.8:::::::* cpe:2.3:a:digium:asterisk:1.4.7.1:::::::* cpe:2.3:a:digium:asterisk:1.4.7:::::::* cpe:2.3:a:digium:asterisk:1.4.6:::::::* cpe:2.3:a:digium:asterisk:1.4.5:::::::* cpe:2.3:a:digium:asterisk:1.4.41.2:::::::* cpe:2.3:a:digium:asterisk:1.4.41.1:::::::* cpe:2.3:a:digium:asterisk:1.4.41:::::::* cpe:2.3:a:digium:asterisk:1.4.41:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.40.2:::::::* cpe:2.3:a:digium:asterisk:1.4.40.1:::::::* cpe:2.3:a:digium:asterisk:1.4.40:::::::* cpe:2.3:a:digium:asterisk:1.4.40:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.40:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.40:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.4:::::::* cpe:2.3:a:digium:asterisk:1.4.39.2:::::::* cpe:2.3:a:digium:asterisk:1.4.39.1:::::::* cpe:2.3:a:digium:asterisk:1.4.39:::::::* cpe:2.3:a:digium:asterisk:1.4.39:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.38:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.38:::::::* cpe:2.3:a:digium:asterisk:1.4.37:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.37:::::::* cpe:2.3:a:digium:asterisk:1.4.36:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.36:::::::* cpe:2.3:a:digium:asterisk:1.4.35:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.35:::::::* cpe:2.3:a:digium:asterisk:1.4.34:::::::* cpe:2.3:a:digium:asterisk:1.4.34:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.34:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.33.1:::::::* cpe:2.3:a:digium:asterisk:1.4.33:::::::* cpe:2.3:a:digium:asterisk:1.4.33:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.33:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.32:::::::* cpe:2.3:a:digium:asterisk:1.4.32:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.31:::::::* cpe:2.3:a:digium:asterisk:1.4.31:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.31:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.30:::::::* cpe:2.3:a:digium:asterisk:1.4.30:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.30:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.3:::::::* cpe:2.3:a:digium:asterisk:1.4.29.1:::::::* cpe:2.3:a:digium:asterisk:1.4.29:::::::* cpe:2.3:a:digium:asterisk:1.4.29:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.28:::::::* cpe:2.3:a:digium:asterisk:1.4.28:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.27.1:::::::* cpe:2.3:a:digium:asterisk:1.4.27:::::::* cpe:2.3:a:digium:asterisk:1.4.27:rc5:::::: cpe:2.3:a:digium:asterisk:1.4.27:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.27:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.27:rc4:::::: cpe:2.3:a:digium:asterisk:1.4.27:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.26.3:::::::* cpe:2.3:a:digium:asterisk:1.4.26.2:::::::* cpe:2.3:a:digium:asterisk:1.4.26.1:::::::* cpe:2.3:a:digium:asterisk:1.4.26:rc5:::::: cpe:2.3:a:digium:asterisk:1.4.26:rc6:::::: cpe:2.3:a:digium:asterisk:1.4.26:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.26:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.26:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.26:rc4:::::: cpe:2.3:a:digium:asterisk:1.4.26:::::::* cpe:2.3:a:digium:asterisk:1.4.25.1:::::::* cpe:2.3:a:digium:asterisk:1.4.25:::::::* cpe:2.3:a:digium:asterisk:1.4.25:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.24.1:::::::* cpe:2.3:a:digium:asterisk:1.4.24:::::::* cpe:2.3:a:digium:asterisk:1.4.24:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.23.2:::::::* cpe:2.3:a:digium:asterisk:1.4.23.1:::::::* cpe:2.3:a:digium:asterisk:1.4.23:::::::* cpe:2.3:a:digium:asterisk:1.4.23:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.23:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.23:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.23:rc4:::::: cpe:2.3:a:digium:asterisk:1.4.22.2:::::::* cpe:2.3:a:digium:asterisk:1.4.22.1:::::::* cpe:2.3:a:digium:asterisk:1.4.22:::::::* cpe:2.3:a:digium:asterisk:1.4.22:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.22:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.22:rc5:::::: cpe:2.3:a:digium:asterisk:1.4.22:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.22:rc4:::::: cpe:2.3:a:digium:asterisk:1.4.21.2:::::::* cpe:2.3:a:digium:asterisk:1.4.21.1:::::::* cpe:2.3:a:digium:asterisk:1.4.21:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.21:::::::* cpe:2.3:a:digium:asterisk:1.4.21:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.20.1:::::::* cpe:2.3:a:digium:asterisk:1.4.20:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.20:::::::* cpe:2.3:a:digium:asterisk:1.4.20:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.20:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.2:::::::* cpe:2.3:a:digium:asterisk:1.4.19.2:::::::* cpe:2.3:a:digium:asterisk:1.4.19.1:::::::* cpe:2.3:a:digium:asterisk:1.4.19:rc3:::::: cpe:2.3:a:digium:asterisk:1.4.19:rc4:::::: cpe:2.3:a:digium:asterisk:1.4.19:::::::* cpe:2.3:a:digium:asterisk:1.4.19:rc1:::::: cpe:2.3:a:digium:asterisk:1.4.19:rc2:::::: cpe:2.3:a:digium:asterisk:1.4.18:::::::* cpe:2.3:a:digium:asterisk:1.4.17:::::::* cpe:2.3:a:digium:asterisk:1.4.16.2:::::::* cpe:2.3:a:digium:asterisk:1.4.16.1:::::::* cpe:2.3:a:digium:asterisk:1.4.16:::::::* cpe:2.3:a:digium:asterisk:1.4.15:::::::* cpe:2.3:a:digium:asterisk:1.4.14:::::::* cpe:2.3:a:digium:asterisk:1.4.13:::::::* cpe:2.3:a:digium:asterisk:1.4.12.1:::::::* cpe:2.3:a:digium:asterisk:1.4.12:::::::* cpe:2.3:a:digium:asterisk:1.4.11:::::::* cpe:2.3:a:digium:asterisk:1.4.10.1:::::::* cpe:2.3:a:digium:asterisk:1.4.10:::::::* cpe:2.3:a:digium:asterisk:1.4.1:::::::* cpe:2.3:a:digium:asterisk:1.4.0:::::::* cpe:2.3:a:digium:asterisk:1.4.0:beta1:::::: cpe:2.3:a:digium:asterisk:1.4.0:beta2:::::: cpe:2.3:a:digium:asterisk:1.4.0:beta3:::::: cpe:2.3:a:digium:asterisk:1.4.0:beta4:::::: cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:::::* cpe:2.3:a:digium:asterisk:c.3.0:-:business:::::* cpe:2.3:a:digium:asterisk:c.2.3:-:business:::::* cpe:2.3:a:digium:asterisk:c.1.8.1:-:business:::::* cpe:2.3:a:digium:asterisk:c.1.8.0:-:business:::::* cpe:2.3:a:digium:asterisk:c.1.6.2:-:business:::::* cpe:2.3:a:digium:asterisk:c.1.6.1:-:business:::::* cpe:2.3:a:digium:asterisk:c.1.6:-:business:::::* cpe:2.3:a:digium:asterisk:c.1.0:beta7:business:::::* cpe:2.3:a:digium:asterisk:c.1.0:beta8:business:::::*	307
Application	Digium Asterisknow cpe:2.3:a:digium:asterisknow:1.5:::::::*	1
Hardware	Digium s800i cpe:2.3:h:digium:s800i::::::::	1

OpenVAS Exploits

Date	Description
2012-08-10	Name : Debian Security Advisory DSA 2493-1 (asterisk) File : nvt/deb_2493_1.nasl
2012-04-02	Name : Fedora Update for asterisk FEDORA-2011-14480 File : nvt/gb_fedora_2011_14480_asterisk_fc16.nasl
2012-02-12	Name : Gentoo Security Advisory GLSA 201110-21 (Asterisk) File : nvt/glsa_201110_21.nasl
2011-11-11	Name : Fedora Update for asterisk FEDORA-2011-14538 File : nvt/gb_fedora_2011_14538_asterisk_fc15.nasl
2011-08-03	Name : FreeBSD Ports: asterisk14 File : nvt/freebsd_asterisk142.nasl
2011-08-03	Name : Debian Security Advisory DSA 2276-2 (asterisk) File : nvt/deb_2276_2.nasl
2011-08-03	Name : Debian Security Advisory DSA 2276-1 (asterisk) File : nvt/deb_2276_1.nasl
2011-07-18	Name : Fedora Update for asterisk FEDORA-2011-8914 File : nvt/gb_fedora_2011_8914_asterisk_fc14.nasl
2011-05-17	Name : Fedora Update for asterisk FEDORA-2011-6225 File : nvt/gb_fedora_2011_6225_asterisk_fc14.nasl
2011-05-12	Name : FreeBSD Ports: asterisk14 File : nvt/freebsd_asterisk141.nasl
2011-05-12	Name : Debian Security Advisory DSA 2225-1 (asterisk) File : nvt/deb_2225_1.nasl
2011-05-10	Name : Fedora Update for asterisk FEDORA-2011-6208 File : nvt/gb_fedora_2011_6208_asterisk_fc13.nasl
2011-04-01	Name : Fedora Update for asterisk FEDORA-2011-3942 File : nvt/gb_fedora_2011_3942_asterisk_fc14.nasl
2011-04-01	Name : Fedora Update for asterisk FEDORA-2011-3945 File : nvt/gb_fedora_2011_3945_asterisk_fc13.nasl
2011-03-15	Name : Fedora Update for asterisk FEDORA-2011-2438 File : nvt/gb_fedora_2011_2438_asterisk_fc14.nasl
2011-03-15	Name : Fedora Update for asterisk FEDORA-2011-2558 File : nvt/gb_fedora_2011_2558_asterisk_fc13.nasl
2011-03-05	Name : FreeBSD Ports: asterisk14 File : nvt/freebsd_asterisk140.nasl
0000-00-00	Name : FreeBSD Ports: asterisk18 File : nvt/freebsd_asterisk181.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
76784	Asterisk SIP Channel Driver chan_sip.c Uninitialized Variable Request Parsing...
74352	Asterisk SIP Channel Driver Default Configuration Invalid SIP Request Usernam...
73434	Asterisk Multiple Products Manager Interface manager.c Originate Action Remot...
73433	Asterisk Multiple Products Unauthenticated Session Connection Saturation Remo...
73406	Asterisk tcptls.c TLS API TCP Session Saturation NULL Dereference Remote DoS
73405	Asterisk manager.c Manager Session Invalid Data Saturation Remote DoS
73309	Asterisk channels/chan_iax2.c iax2_setoption() Function Invalid Pointer DoS
73308	Asterisk channels/sip/reqresp_parser.c get_in_brackets_full() Function NULL D...
73307	Asterisk channels/chan_sip.c sipsock_read() Function NULL Byte Memory Corrupt...
73257	Asterisk SIP Multiple Message Response Username Enumeration
70968	Asterisk main/udptl.c Multiple Function UPDTL Packet Handling Overflow Asterisk is prone to an overflow condition. The 'decode_open_type()' and 'udptl_rx_packet()' functions in 'main/udptl.c' fail to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted UDPTL packet, a remote attacker can potentially execute arbitrary code.

Snort® IPS/IDS

Date	Description
2014-01-10	Digium Asterisk channel driver denial of service attempt RuleID : 21103 - Revision : 4 - Type : PROTOCOL-VOIP
2014-01-10	Digium Asterisk channel driver denial of service attempt RuleID : 21102 - Revision : 4 - Type : PROTOCOL-VOIP
2014-01-10	Digium Asterisk channel driver denial of service attempt RuleID : 21101 - Revision : 7 - Type : PROTOCOL-VOIP
2014-01-10	Digium Asterisk UDPTL processing overflow attempt RuleID : 19167 - Revision : 10 - Type : PROTOCOL-VOIP

Nessus® Vulnerability Scanner

Date	Description
2012-06-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2493.nasl - Type : ACT_GATHER_INFO
2011-11-22	Name : A telephony application running on the remote host is affected by an informat... File : asterisk_ast_2011_011.nasl - Type : ACT_GATHER_INFO
2011-11-22	Name : A telephony application running on the remote host is affected by a denial of... File : asterisk_ast_2011_012.nasl - Type : ACT_GATHER_INFO
2011-11-14	Name : The remote Fedora host is missing a security update. File : fedora_2011-14538.nasl - Type : ACT_GATHER_INFO
2011-11-14	Name : The remote Fedora host is missing a security update. File : fedora_2011-14480.nasl - Type : ACT_GATHER_INFO
2011-10-25	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-21.nasl - Type : ACT_GATHER_INFO
2011-10-18	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a95092a6f8f111e0a7ea00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2011-07-13	Name : The remote Fedora host is missing a security update. File : fedora_2011-8914.nasl - Type : ACT_GATHER_INFO
2011-07-12	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2276.nasl - Type : ACT_GATHER_INFO
2011-06-29	Name : A telephony application running on the remote host is affected by multiple de... File : asterisk_ast_2011_010.nasl - Type : ACT_GATHER_INFO
2011-06-27	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_40544e8c9f7b11e09bec6c626dd55a41.nasl - Type : ACT_GATHER_INFO
2011-05-17	Name : The remote Fedora host is missing a security update. File : fedora_2011-6225.nasl - Type : ACT_GATHER_INFO
2011-05-09	Name : The remote Fedora host is missing a security update. File : fedora_2011-6208.nasl - Type : ACT_GATHER_INFO
2011-04-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2225.nasl - Type : ACT_GATHER_INFO
2011-04-27	Name : The remote Fedora host is missing a security update. File : fedora_2011-5835.nasl - Type : ACT_GATHER_INFO
2011-04-25	Name : A telephony application running on the remote host is affected by multiple de... File : asterisk_ast_2011_006.nasl - Type : ACT_GATHER_INFO
2011-04-22	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3c7d565a6c6411e0813a6c626dd55a41.nasl - Type : ACT_GATHER_INFO
2011-04-01	Name : The remote Fedora host is missing a security update. File : fedora_2011-3942.nasl - Type : ACT_GATHER_INFO
2011-04-01	Name : The remote Fedora host is missing a security update. File : fedora_2011-3945.nasl - Type : ACT_GATHER_INFO
2011-03-29	Name : The remote Fedora host is missing a security update. File : fedora_2011-3958.nasl - Type : ACT_GATHER_INFO
2011-03-18	Name : A telephony application running on the remote host is affected by multiple de... File : asterisk_ast_2011_003.nasl - Type : ACT_GATHER_INFO
2011-03-14	Name : The remote Fedora host is missing a security update. File : fedora_2011-2558.nasl - Type : ACT_GATHER_INFO
2011-03-10	Name : The remote Fedora host is missing a security update. File : fedora_2011-2438.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote Fedora host is missing a security update. File : fedora_2011-2360.nasl - Type : ACT_GATHER_INFO
2011-02-23	Name : A telephony application running on the remote host is affected by multiple bu... File : asterisk_ast_2011_002.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:37:03	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	9
Oval ID(s)	4
CPE ID(s)	311
osvdb(s)	11
Openvas Exploit(s)	18
Snort® Rule(s)	4
Nessus® Exploit(s)	25

	Related
9	CVE-2011-1599
6.8	CVE-2011-4063
6.8	CVE-2011-1147
5	CVE-2011-2666
5	CVE-2011-2665
5	CVE-2011-2536
5	CVE-2011-2535
5	CVE-2011-2529
5	CVE-2011-1507
5	CVE-2011-1175
5	CVE-2011-1174
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 11 more Alert(s)

9 - GLSA-201110-21

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU