Test Kennung:	1.3.6.1.4.1.25623.1.0.60813
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200804-13 (asterisk)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200804-13.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200804-13. Vulnerability Insight: Multiple vulnerabilities have been found in Asterisk allowing for SQL injection, session hijacking and unauthorized usage. Solution: All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.27' CVSS Score: 8.8 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6170 BugTraq ID: 26647 http://www.securityfocus.com/bid/26647 Bugtraq: 20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql (Google Search) http://www.securityfocus.com/archive/1/484388/100/0/threaded Debian Security Information: DSA-1417 (Google Search) http://www.debian.org/security/2007/dsa-1417 http://security.gentoo.org/glsa/glsa-200804-13.xml http://securitytracker.com/id?1019020 http://secunia.com/advisories/27827 http://secunia.com/advisories/27892 http://secunia.com/advisories/29242 http://secunia.com/advisories/29782 SuSE Security Announcement: SUSE-SR:2008:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://www.vupen.com/english/advisories/2007/4056 XForce ISS Database: asterisk-cdrpqsql-sql-injection(38765) https://exchange.xforce.ibmcloud.com/vulnerabilities/38765 Common Vulnerability Exposure (CVE) ID: CVE-2007-6430 BugTraq ID: 26928 http://www.securityfocus.com/bid/26928 Bugtraq: 20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored (Google Search) http://www.securityfocus.com/archive/1/485287/100/0/threaded Debian Security Information: DSA-1525 (Google Search) http://www.debian.org/security/2008/dsa-1525 http://www.osvdb.org/39519 http://www.securitytracker.com/id?1019110 http://secunia.com/advisories/28149 http://secunia.com/advisories/29456 http://securityreason.com/securityalert/3467 http://www.vupen.com/english/advisories/2007/4260 XForce ISS Database: asterisk-registration-security-bypass(39124) https://exchange.xforce.ibmcloud.com/vulnerabilities/39124 Common Vulnerability Exposure (CVE) ID: CVE-2008-1332 BugTraq ID: 28310 http://www.securityfocus.com/bid/28310 Bugtraq: 20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver (Google Search) http://www.securityfocus.com/archive/1/489818/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html http://securitytracker.com/id?1019629 http://secunia.com/advisories/29426 http://secunia.com/advisories/29470 http://secunia.com/advisories/29957 SuSE Security Announcement: SUSE-SR:2008:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://www.vupen.com/english/advisories/2008/0928 XForce ISS Database: asterisk-sip-security-bypass(41308) https://exchange.xforce.ibmcloud.com/vulnerabilities/41308
Copyright	Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.