Test ID: | 1.3.6.1.4.1.25623.1.0.69530 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 15 FEDORA-2011-5835 (asterisk) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to asterisk announced via advisory FEDORA-2011-5835.

Update Information:

The Asterisk Development Team has announced security releases for Asterisk branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006 security advisories.

For more information about the details of these vulnerabilities, please read the security advisories AST-2011-005 and AST-2011-006, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

References:

[ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
https://bugzilla.redhat.com/show_bug.cgi?id=698916
[ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
https://bugzilla.redhat.com/show_bug.cgi?id=698917

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2011-5835

Risk factor : Critical
CVSS Score: 9.0 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1507
Debian Security Information: DSA-2225
http://www.debian.org/security/2011/dsa-2225
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
http://securitytracker.com/id?1025432
http://secunia.com/advisories/44197
http://secunia.com/advisories/44529
http://www.vupen.com/english/advisories/2011/1086
http://www.vupen.com/english/advisories/2011/1107
http://www.vupen.com/english/advisories/2011/1188

Common Vulnerability Exposure (CVE) ID: CVE-2011-1599
1025433 http://securitytracker.com/id?1025433
44197
44529
47537 http://www.securityfocus.com/bid/47537
ADV-2011-1086
ADV-2011-1107
ADV-2011-1188
DSA-2225
FEDORA-2011-5835
FEDORA-2011-6208
[oss-security] 20110422 Re: CVE Request -- Asterisk Security Vulnerability http://openwall.com/lists/oss-security/2011/04/22/6
http://downloads.digium.com/pub/security/AST-2011-006.html |
Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |