
Test ID: 1.3.6.1.4.1.25623.1.0.60813
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200804-13 (asterisk)
Summary: The remote host is missing updates announced in advisory GLSA 200804-13.
Description:

Vulnerability Insight:
Multiple vulnerabilities have been found in Asterisk allowing for SQL
injection, session hijacking and unauthorized usage.

Solution:
All Asterisk users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.27'

CVSS Score:
8.8

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-6170
BugTraq ID: 26647
http://www.securityfocus.com/bid/26647
Bugtraq: 20071129 AST-2007-026 - SQL Injection issue in cdr_pgsql
http://www.securityfocus.com/archive/1/484388/100/0/threaded
Debian Security Information: DSA-1417
http://www.debian.org/security/2007/dsa-1417
http://security.gentoo.org/glsa/glsa-200804-13.xml
http://securitytracker.com/id?1019020
http://secunia.com/advisories/27827
http://secunia.com/advisories/27892
http://secunia.com/advisories/29242
http://secunia.com/advisories/29782
SuSE Security Announcement: SUSE-SR:2008:005
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.vupen.com/english/advisories/2007/4056
XForce ISS Database: asterisk-cdrpqsql-sql-injection(38765)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38765
Common Vulnerability Exposure (CVE) ID: CVE-2007-6430
BugTraq ID: 26928
http://www.securityfocus.com/bid/26928
Bugtraq: 20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored
http://www.securityfocus.com/archive/1/485287/100/0/threaded
Debian Security Information: DSA-1525
http://www.debian.org/security/2008/dsa-1525
http://www.osvdb.org/39519
http://www.securitytracker.com/id?1019110
http://secunia.com/advisories/28149
http://secunia.com/advisories/29456
http://securityreason.com/securityalert/3467
http://www.vupen.com/english/advisories/2007/4260
XForce ISS Database: asterisk-registration-security-bypass(39124)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39124
Common Vulnerability Exposure (CVE) ID: CVE-2008-1332
BugTraq ID: 28310
http://www.securityfocus.com/bid/28310
Bugtraq: 20080318 AST-2008-003: Unauthenticated calls allowed from SIP channel driver
http://www.securityfocus.com/archive/1/489818/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
http://securitytracker.com/id?1019629
http://secunia.com/advisories/29426
http://secunia.com/advisories/29470
http://secunia.com/advisories/29957
SuSE Security Announcement: SUSE-SR:2008:010
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html
http://www.vupen.com/english/advisories/2008/0928
XForce ISS Database: asterisk-sip-security-bypass(41308)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41308
Copyright: Copyright (C) 2008 E-Soft Inc.
