Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0300)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0300

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0300)

Zusammenfassung: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory.

Vulnerability Insight:
Updated asterisk packages fix security vulnerabilities:

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and
Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated
Manager users to execute arbitrary shell commands via a MixMonitor
action (CVE-2014-4046).

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and
12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6
and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of
service (connection consumption) via a large number of (1) inactive or
(2) incomplete HTTP connections (CVE-2014-4047).

Affected Software/OS:
'asterisk' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-4046
Bugtraq: 20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access (Google Search)
http://www.securityfocus.com/archive/1/532419/100/0/threaded
http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4047
Bugtraq: 20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections (Google Search)
http://www.securityfocus.com/archive/1/532415/100/0/threaded
http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0300
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0300)
Zusammenfassung:	The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory. Vulnerability Insight: Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action (CVE-2014-4046). Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections (CVE-2014-4047). Affected Software/OS: 'asterisk' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4046 Bugtraq: 20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access (Google Search) http://www.securityfocus.com/archive/1/532419/100/0/threaded http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html Common Vulnerability Exposure (CVE) ID: CVE-2014-4047 Bugtraq: 20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections (Google Search) http://www.securityfocus.com/archive/1/532415/100/0/threaded http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html
Copyright	Copyright (C) 2022 Greenbone AG