Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0172)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0172

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0172)

Zusammenfassung: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0172 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0172 advisory.

Vulnerability Insight:
Updated asterisk packages fix security vulnerabilities:

In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk
with a large number of Cookie headers could overflow the stack. You could
even exhaust memory if you sent an unlimited number of headers in the request
(CVE-2014-2286).

In Asterisk before 11.8.1, an attacker can use all available file descriptors
using SIP INVITE requests. Each INVITE meeting certain conditions will leak a
channel and several file descriptors. The file descriptors cannot be released
without restarting Asterisk which may allow intrusion detection systems to be
bypassed by sending the requests slowly (CVE-2014-2287).

Affected Software/OS:
'asterisk' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-2286
BugTraq ID: 66093
http://www.securityfocus.com/bid/66093
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html
http://www.mandriva.com/security/advisories?name=MDVSA-2014:078
http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff
Common Vulnerability Exposure (CVE) ID: CVE-2014-2287
BugTraq ID: 66094
http://www.securityfocus.com/bid/66094
http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0172
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0172)
Zusammenfassung:	The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0172 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0172 advisory. Vulnerability Insight: Updated asterisk packages fix security vulnerabilities: In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request (CVE-2014-2286). In Asterisk before 11.8.1, an attacker can use all available file descriptors using SIP INVITE requests. Each INVITE meeting certain conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly (CVE-2014-2287). Affected Software/OS: 'asterisk' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2286 BugTraq ID: 66093 http://www.securityfocus.com/bid/66093 http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:078 http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff Common Vulnerability Exposure (CVE) ID: CVE-2014-2287 BugTraq ID: 66094 http://www.securityfocus.com/bid/66094 http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff
Copyright	Copyright (C) 2022 Greenbone AG