Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200704-01 (asterisk)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58188

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200704-01 (asterisk)

Resumen: The remote host is missing updates announced in;advisory GLSA 200704-01.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200704-01.

Vulnerability Insight:
Asterisk is vulnerable to two Denial of Service issues in the SIP channel.

Solution:
All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose net-misc/asterisk

Note: Asterisk 1.0.x is no longer supported upstream so users should
consider upgrading to Asterisk 1.2.x.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1561
BugTraq ID: 23031
http://www.securityfocus.com/bid/23031
Bugtraq: 20070321 Two new DoS Vulnerabilities in Asterisk Fixed (Google Search)
http://www.securityfocus.com/archive/1/463434/100/0/threaded
Debian Security Information: DSA-1358 (Google Search)
http://www.debian.org/security/2007/dsa-1358
http://marc.info/?l=full-disclosure&m=117432783011737&w=2
http://security.gentoo.org/glsa/glsa-200704-01.xml
http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
http://www.osvdb.org/34479
http://www.securitytracker.com/id?1017794
http://secunia.com/advisories/24564
http://secunia.com/advisories/24719
http://secunia.com/advisories/25582
SuSE Security Announcement: SUSE-SA:2007:034 (Google Search)
http://www.novell.com/linux/security/advisories/2007_34_asterisk.html
http://www.vupen.com/english/advisories/2007/1039
XForce ISS Database: asterisk-sip-invite-dos(33068)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33068
Common Vulnerability Exposure (CVE) ID: CVE-2007-1594
BugTraq ID: 23093
http://www.securityfocus.com/bid/23093
http://bugs.digium.com/view.php?id=9313
http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038
http://www.securitytracker.com/id?1017809
http://secunia.com/advisories/24579
http://www.vupen.com/english/advisories/2007/1077

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58188
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200704-01 (asterisk)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200704-01.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200704-01. Vulnerability Insight: Asterisk is vulnerable to two Denial of Service issues in the SIP channel. Solution: All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose net-misc/asterisk Note: Asterisk 1.0.x is no longer supported upstream so users should consider upgrading to Asterisk 1.2.x. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1561 BugTraq ID: 23031 http://www.securityfocus.com/bid/23031 Bugtraq: 20070321 Two new DoS Vulnerabilities in Asterisk Fixed (Google Search) http://www.securityfocus.com/archive/1/463434/100/0/threaded Debian Security Information: DSA-1358 (Google Search) http://www.debian.org/security/2007/dsa-1358 http://marc.info/?l=full-disclosure&m=117432783011737&w=2 http://security.gentoo.org/glsa/glsa-200704-01.xml http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html http://www.osvdb.org/34479 http://www.securitytracker.com/id?1017794 http://secunia.com/advisories/24564 http://secunia.com/advisories/24719 http://secunia.com/advisories/25582 SuSE Security Announcement: SUSE-SA:2007:034 (Google Search) http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.vupen.com/english/advisories/2007/1039 XForce ISS Database: asterisk-sip-invite-dos(33068) https://exchange.xforce.ibmcloud.com/vulnerabilities/33068 Common Vulnerability Exposure (CVE) ID: CVE-2007-1594 BugTraq ID: 23093 http://www.securityfocus.com/bid/23093 http://bugs.digium.com/view.php?id=9313 http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 http://www.securitytracker.com/id?1017809 http://secunia.com/advisories/24579 http://www.vupen.com/english/advisories/2007/1077
Copyright	Copyright (C) 2008 E-Soft Inc.