FreeBSD Local Security Checks : FreeBSD Ports: asterisk14

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.69996

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: asterisk14

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

asterisk14
asterisk16
asterisk18

CVE-2011-2529
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x
before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle
'\0' characters in SIP packets, which allows remote attackers to cause
a denial of service (memory corruption) or possibly have unspecified
other impact via a crafted packet.

CVE-2011-2535
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x
before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3,
and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory
address contained in an option control frame, which allows remote
attackers to cause a denial of service (daemon crash) or possibly have
unspecified other impact via a crafted frame.

CVE-2011-2536
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x
before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4,
and Asterisk Business Edition C.3.x before C.3.7.3, disregards the
alwaysauthreject option and generates different responses for invalid
SIP requests depending on whether the user account exists, which
allows remote attackers to enumerate account names via a series of
requests.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-2529
BugTraq ID: 48431
http://www.securityfocus.com/bid/48431
Debian Security Information: DSA-2276 (Google Search)
http://www.debian.org/security/2011/dsa-2276
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
http://www.osvdb.org/73307
http://securitytracker.com/id?1025706
http://secunia.com/advisories/45048
http://secunia.com/advisories/45201
http://secunia.com/advisories/45239
XForce ISS Database: asterisk-sipsockread-dos(68203)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68203
Common Vulnerability Exposure (CVE) ID: CVE-2011-2535
http://www.osvdb.org/73309
http://securitytracker.com/id?1025708
http://secunia.com/advisories/44973
XForce ISS Database: asterisk-iax2channeldriver-dos(68205)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68205
Common Vulnerability Exposure (CVE) ID: CVE-2011-2536
http://www.securitytracker.com/id?1025734

Copyright Copyright (C) 2011 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.69996
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: asterisk14
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: asterisk14 asterisk16 asterisk18 CVE-2011-2529 chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. CVE-2011-2535 chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. CVE-2011-2536 chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2529 BugTraq ID: 48431 http://www.securityfocus.com/bid/48431 Debian Security Information: DSA-2276 (Google Search) http://www.debian.org/security/2011/dsa-2276 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://www.osvdb.org/73307 http://securitytracker.com/id?1025706 http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 XForce ISS Database: asterisk-sipsockread-dos(68203) https://exchange.xforce.ibmcloud.com/vulnerabilities/68203 Common Vulnerability Exposure (CVE) ID: CVE-2011-2535 http://www.osvdb.org/73309 http://securitytracker.com/id?1025708 http://secunia.com/advisories/44973 XForce ISS Database: asterisk-iax2channeldriver-dos(68205) https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 Common Vulnerability Exposure (CVE) ID: CVE-2011-2536 http://www.securitytracker.com/id?1025734
Copyright	Copyright (C) 2011 E-Soft Inc.