Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.71471 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 2493-1 (asterisk) |
Zusammenfassung: | The remote host is missing an update to asterisk;announced via advisory DSA 2493-1. |
Beschreibung: | Summary: The remote host is missing an update to asterisk announced via advisory DSA 2493-1. Vulnerability Insight: Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled). CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names. (CVE-2011-2666) System administrators concerned by this user enumerating vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze6. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1:1.8.13.0~ dfsg-1. Solution: We recommend that you upgrade your asterisk packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-2947 Bugtraq: 20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html Debian Security Information: DSA-2493 (Google Search) http://www.debian.org/security/2012/dsa-2493 http://www.securitytracker.com/id?1027102 http://secunia.com/advisories/49303 Common Vulnerability Exposure (CVE) ID: CVE-2012-2948 BugTraq ID: 53723 http://www.securityfocus.com/bid/53723 Bugtraq: 20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html http://www.securitytracker.com/id?1027103 XForce ISS Database: asterisk-scd-dos(75937) https://exchange.xforce.ibmcloud.com/vulnerabilities/75937 Common Vulnerability Exposure (CVE) ID: CVE-2011-2666 XForce ISS Database: asterisk-sip-channel-info-disclosure(68472) https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 |
Copyright | Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |