scip AG

NASLDB: Fedora 17 : asterisk-10.5.2-1.fc17 (2012-10324)

General

ID: 60069
Name: Fedora 17 : asterisk-10.5.2-1.fc17 (2012-10324)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert4, 1.8.13.1,
10.5.2, and 10.5.2-digiumphones.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and
10.5.2-digiumphones resolve the following two issues :

– If Asterisk sends a re-invite and an endpoint responds
to the re-invite with a provisional response but never
sends a final response, then the SIP dialog structure is
never freed and the RTP ports for the call are never
released. If an attacker has the ability to place a
call, they could create a denial of service by using all
available RTP ports.

– If a single voicemail account is manipulated by two
parties simultaneously, a condition can occur where
memory is freed twice causing a crash.

These issues and their resolution are described in the security
advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2012-010 and AST-2012-011, which
were released at the same time as this announcement.

For a full list of changes in the current releases, please see the
ChangeLogs :

http://downloads.asterisk.org/pub/telephony/certified-asterisk/release
s/ChangeLog-1.8.11-cert4
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo
g-1.8.13.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo
g-10.5.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo
g-10.5.2-digiumphones

The security advisories are available at :

–
http://downloads.asterisk.org/pub/security/AST-2012-010.
pdf

–
http://downloads.asterisk.org/pub/security/AST-2012-01
1.pdf

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3812
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/07/06
Plugin Release: 2012/07/20

Plugin

Version: 1.2
Filename: fedora_2012-10324.nasl
Filesize: 5847 bytes
MD5 Hash: ed05f4910b5dcaeb2ff6c987dc27fa8b

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"

Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.

Letzte Plugins

• Letzte Plugins
  • USN-1611-1 : thunderbird vulnerabilities
  • USN-1610-1 : linux vulnerability
  • USN-1609-1 : linux-ti-omap4 vulnerability
  • SuSE 10 Security Update : PostgreSQL
  • RHSA-2012-1364: bind97
  • RHSA-2012-1363: bind
  • RHSA-2012-1362: thunderbird
  • RHSA-2012-1361: xulrunner
  • Mandriva Linux Security Advisory : graphicsmagick
  • FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

• Archiv
• scip VulDB
• Syndication
  • RSS
  • Twitter