oval:org.mitre.oval:def:6950

Definition Id: oval:org.mitre.oval:def:6950

Oval ID:	oval:org.mitre.oval:def:6950
Title:	DSA-1952 asterisk -- several vulnerabilities, end-of-life announcement in oldstable
Description:	Several vulnerabilities have been discovered in asterisk, an Open Source PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: It is possible to determine valid login names via probing, due to the IAX2 response from asterisk. It is possible to determine a valid SIP username, when Digest authentication and authalwaysreject are enabled. It is possible to determine a valid SIP username via multiple crafted REGISTER messages. It was discovered that asterisk contains an obsolete copy of the Prototype JavaScript framework, which is vulnerable to several security issues. This copy is unused and now removed from asterisk. It was discovered that it is possible to perform a denial of service attack via RTP comfort noise payload with a long data length. The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we need to drop our security support for the version in oldstable. We recommend that all asterisk users upgrade to the stable distribution.
Family:	unix	Class:	patch
Reference(s):	DSA-1952 CVE-2009-0041 CVE-2008-3903 CVE-2009-3727 CVE-2008-7220 CVE-2009-4055 CVE-2007-2383	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):	asterisk
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND Packages section asterisk-doc is earlier than 1:1.4.21.2~dfsg-3+lenny1 AND asterisk-dev is earlier than 1:1.4.21.2~dfsg-3+lenny1 AND asterisk-config is earlier than 1:1.4.21.2~dfsg-3+lenny1 AND asterisk-sounds-main is earlier than 1:1.4.21.2~dfsg-3+lenny1 AND asterisk-h323 is earlier than 1:1.4.21.2~dfsg-3+lenny1 AND asterisk is earlier than 1:1.4.21.2~dfsg-3+lenny1 AND asterisk-dbg is earlier than 1:1.4.21.2~dfsg-3+lenny1

Definition Id: oval:org.mitre.oval:def:6513

Oval ID:	oval:org.mitre.oval:def:6513
Title:	Debian GNU/Linux 5.0 is installed
Description:	Debian GNU/Linux 5.0 (lenny) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:5.0	Version:	7
Platform(s):	Debian GNU/Linux 5.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 5.0 is installed
Referenced By:
oval:org.mitre.oval:def:6950

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0225s

Facebook rss twitter linkedin mail