 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.1.10.2014.0171 |
| Kategorie: | Mageia Linux Local Security Checks |
| Titel: | Mageia: Security Advisory (MGASA-2014-0171) |
| Zusammenfassung: | The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0171 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0171 advisory. Vulnerability Insight: Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.6.1, a 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash (CVE-2013-7100). In Asterisk before 11.6.1, external control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables, this allows the execution of dialplan functions. Reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation (AST-2013-007). In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request (CVE-2014-2286). In Asterisk before 11.8.1, an attacker can use all available file descriptors using SIP INVITE requests. Each INVITE meeting certain conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly (CVE-2014-2287). Affected Software/OS: 'asterisk' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-7100 BugTraq ID: 64364 http://www.securityfocus.com/bid/64364 Bugtraq: 20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message (Google Search) http://archives.neohapsis.com/archives/bugtraq/2013-12/0089.html Debian Security Information: DSA-2835 (Google Search) http://www.debian.org/security/2014/dsa-2835 http://www.mandriva.com/security/advisories?name=MDVSA-2013:300 http://osvdb.org/101100 http://www.securitytracker.com/id/1029499 http://secunia.com/advisories/56294 XForce ISS Database: asterisk-sms-message-dos(89825) https://exchange.xforce.ibmcloud.com/vulnerabilities/89825 Common Vulnerability Exposure (CVE) ID: CVE-2014-2286 BugTraq ID: 66093 http://www.securityfocus.com/bid/66093 http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff Common Vulnerability Exposure (CVE) ID: CVE-2014-2287 BugTraq ID: 66094 http://www.securityfocus.com/bid/66094 http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |