Test ID: | 1.3.6.1.4.1.25623.1.0.69407 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 14 FEDORA-2011-3942 (asterisk) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to asterisk announced via advisory FEDORA-2011-3942.

Update Information:

The Asterisk Development Team has announced security releases for Asterisk branches 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004 security advisories.

For more information about the details of these vulnerabilities, please read the security advisories AST-2011-003 and AST-2011-004, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.24
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.2

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

References:

[ 1 ] Bug #688675 - CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003) https://bugzilla.redhat.com/show_bug.cgi?id=688675
[ 2 ] Bug #688678 - CVE-2011-1175 asterisk: DoS in TCP/TLS server due to NULL ptr deref (AST-2011-004) https://bugzilla.redhat.com/show_bug.cgi?id=688678

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-3942

Risk factor : Medium

CVSS Score: 5.0 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1174
1025223 http://securitytracker.com/id?1025223
46897 http://www.securityfocus.com/bid/46897
ADV-2011-0686 http://www.vupen.com/english/advisories/2011/0686
ADV-2011-0790 http://www.vupen.com/english/advisories/2011/0790
DSA-2225 http://www.debian.org/security/2011/dsa-2225
FEDORA-2011-3942 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057163.html
FEDORA-2011-3945 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057156.html
FEDORA-2011-3958 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056945.html
[oss-security] 20110317 CVE request for Asterisk flaws http://openwall.com/lists/oss-security/2011/03/17/5
[oss-security] 20110321 Re: CVE request for Asterisk flaws http://openwall.com/lists/oss-security/2011/03/21/12
asterisk-writes-dos(66139) https://exchange.xforce.ibmcloud.com/vulnerabilities/66139
http://downloads.asterisk.org/pub/security/AST-2011-003.html
https://bugzilla.redhat.com/show_bug.cgi?id=688675

Common Vulnerability Exposure (CVE) ID: CVE-2011-1175
1025224 http://securitytracker.com/id?1025224
46898 http://www.securityfocus.com/bid/46898
asterisk-handletcptlsconnection-dos(66140) https://exchange.xforce.ibmcloud.com/vulnerabilities/66140
http://downloads.asterisk.org/pub/security/AST-2011-004.html
https://bugzilla.redhat.com/show_bug.cgi?id=688678 |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |