NASLDB: Debian DSA-2367-1 : asterisk - several vulnerabilities
General
ID: 57507
Name: Debian DSA-2367-1 : asterisk – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Several vulnerabilities have been discovered in Asterisk, an Open Source PBX and telephony toolkit:
– CVE-2011-4597
Ben Williams discovered that it was possible to enumerate SIP user names in some configurations. Please see the upstream advisory for details.
This update only modifies the sample sip.conf configuration file. Please see README.Debian for more information on how to update your installation.
– CVE-2011-4598
Kristijan Vrban discovered that Asterisk can be crashed with malformed SIP packets if the ‘automon’ feature is enabled.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2011-4597
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2011/12/19
Plugin Release: 2012/01/12
Plugin
Version: 1.1
Filename: debian_DSA-2367.nasl
Filesize: 3665 bytes
MD5 Hash: 15b09843cf44b8f5a0c74a7bf4be49ca
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.