Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0300)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0300

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0300)

Resumen: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory.

Descripción: Summary:
The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory.

Vulnerability Insight:
Updated asterisk packages fix security vulnerabilities:

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and
Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated
Manager users to execute arbitrary shell commands via a MixMonitor
action (CVE-2014-4046).

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and
12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6
and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of
service (connection consumption) via a large number of (1) inactive or
(2) incomplete HTTP connections (CVE-2014-4047).

Affected Software/OS:
'asterisk' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-4046
Bugtraq: 20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access (Google Search)
http://www.securityfocus.com/archive/1/532419/100/0/threaded
http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4047
Bugtraq: 20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections (Google Search)
http://www.securityfocus.com/archive/1/532415/100/0/threaded
http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0300
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0300)
Resumen:	The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory.
Descripción:	Summary: The remote host is missing an update for the 'asterisk' package(s) announced via the MGASA-2014-0300 advisory. Vulnerability Insight: Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action (CVE-2014-4046). Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections (CVE-2014-4047). Affected Software/OS: 'asterisk' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4046 Bugtraq: 20140612 AST-2014-006: Asterisk Manager User Unauthorized Shell Access (Google Search) http://www.securityfocus.com/archive/1/532419/100/0/threaded http://packetstormsecurity.com/files/127088/Asterisk-Project-Security-Advisory-AST-2014-006.html Common Vulnerability Exposure (CVE) ID: CVE-2014-4047 Bugtraq: 20140612 AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections (Google Search) http://www.securityfocus.com/archive/1/532415/100/0/threaded http://packetstormsecurity.com/files/127089/Asterisk-Project-Security-Advisory-AST-2014-007.html
Copyright	Copyright (C) 2022 Greenbone AG