Test ID: 1.3.6.1.4.1.25623.1.0.67181
Category: Fedora Local Security Checks
Title: Fedora Core 12 FEDORA-2010-3381 (asterisk)
Summary: NOSUMMARY

Description:

The remote host is missing an update to asterisk announced via advisory FEDORA-2010-3381.

Update Information:

Update to 1.6.1.17

* AST-2010-003: Invalid parsing of ACL rules can compromise security
* AST-2010-002: This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers.
* AST-2010-001: An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.

References:

[ 1 ] Bug #561332 - CVE-2010-0441 Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001)
https://bugzilla.redhat.com/show_bug.cgi?id=561332

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-3381

Risk factor: Medium
CVSS Score: 5.0

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2009-4055

* BugTraq ID: 37153 http://www.securityfocus.com/bid/37153
* Bugtraq: 20091130 AST-2009-010: RTP Remote Crash Vulnerability http://www.securityfocus.com/archive/1/508147/100/0/threaded
* Debian Security Information: DSA-1952 http://www.debian.org/security/2009/dsa-1952
* http://www.redhat.com/archives/fedora-package-announce/2009-December/msg00759.html
* http://www.osvdb.org/60569
* http://securitytracker.com/id?1023249
* http://secunia.com/advisories/37530
* http://secunia.com/advisories/37677
* http://secunia.com/advisories/37708
* http://www.vupen.com/english/advisories/2009/3368
* XForce ISS Database: asterisk-rtp-comfortnoise-dos(54471) https://exchange.xforce.ibmcloud.com/vulnerabilities/54471

Common Vulnerability Exposure (CVE) ID: CVE-2010-0441

* BugTraq ID: 38047 http://www.securityfocus.com/bid/38047
* Bugtraq: 20100202 AST-2010-001: T.38 Remote Crash Vulnerability http://www.securityfocus.com/archive/1/509327/100/0/threaded
* http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
* http://securitytracker.com/id?1023532
* http://secunia.com/advisories/38395
* http://secunia.com/advisories/39096
* http://www.vupen.com/english/advisories/2010/0289

Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com