Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200905-01 (asterisk)

Vulnerability Search		Search 219043 CVE descriptions and 99761 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.63940
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200905-01 (asterisk)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory GLSA 200905-01. Multiple vulnerabilities have been found in Asterisk allowing for Denial of Service and username disclosure. Solution: All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.32' https://secure1.securityspace.com/smysecure/catid.html?in=GLSA%20200905-01 http://bugs.gentoo.org/show_bug.cgi?id=218966 http://bugs.gentoo.org/show_bug.cgi?id=224835 http://bugs.gentoo.org/show_bug.cgi?id=232696 http://bugs.gentoo.org/show_bug.cgi?id=232698 http://bugs.gentoo.org/show_bug.cgi?id=237476 http://bugs.gentoo.org/show_bug.cgi?id=250748 http://bugs.gentoo.org/show_bug.cgi?id=254304 CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1897 BugTraq ID: 28901 http://www.securityfocus.com/bid/28901 Bugtraq: 20080422 AST-2008-006 - 3-way handshake in IAX2 incomplete (Google Search) http://www.securityfocus.com/archive/1/491220/100/0/threaded Debian Security Information: DSA-1563 (Google Search) http://www.debian.org/security/2008/dsa-1563 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00600.html http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.altsci.com/concepts/page.php?s=asteri&p=2 http://www.securitytracker.com/id?1019918 http://secunia.com/advisories/29927 http://secunia.com/advisories/30010 http://secunia.com/advisories/30042 http://secunia.com/advisories/34982 http://www.vupen.com/english/advisories/2008/1324 XForce ISS Database: asterisk-iax2protocol-ack-dos(41966) https://exchange.xforce.ibmcloud.com/vulnerabilities/41966 Common Vulnerability Exposure (CVE) ID: CVE-2008-2119 Bugtraq: 20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode (Google Search) http://www.securityfocus.com/archive/1/493020/100/0/threaded https://www.exploit-db.com/exploits/5749 http://www.securitytracker.com/id?1020166 http://secunia.com/advisories/30517 http://www.vupen.com/english/advisories/2008/1731 XForce ISS Database: asterisk-asturidecode-dos(42823) https://exchange.xforce.ibmcloud.com/vulnerabilities/42823 Common Vulnerability Exposure (CVE) ID: CVE-2008-3263 BugTraq ID: 30321 http://www.securityfocus.com/bid/30321 Bugtraq: 20080722 AST-2008-010: Asterisk IAX 'POKE' resource exhaustion (Google Search) http://www.securityfocus.com/archive/1/494675/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00839.html http://downloads.securityfocus.com/vulnerabilities/exploits/30321.pl http://www.securitytracker.com/id?1020535 http://secunia.com/advisories/31178 http://secunia.com/advisories/31194 http://www.vupen.com/english/advisories/2008/2168/references XForce ISS Database: asterisk-poke-dos(43942) https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 Common Vulnerability Exposure (CVE) ID: CVE-2008-3264 BugTraq ID: 30350 http://www.securityfocus.com/bid/30350 Bugtraq: 20080722 AST-2008-011: Traffic amplification in IAX2 firmware provisioning system (Google Search) http://www.securityfocus.com/archive/1/494676/100/0/threaded http://www.securitytracker.com/id?1020536 XForce ISS Database: asterisk-downloadprotocol-dos(43955) https://exchange.xforce.ibmcloud.com/vulnerabilities/43955 Common Vulnerability Exposure (CVE) ID: CVE-2008-3903 BugTraq ID: 34353 http://www.securityfocus.com/bid/34353 Debian Security Information: DSA-1952 (Google Search) http://www.debian.org/security/2009/dsa-1952 http://misel.com/?p=52 http://secunia.com/advisories/37677 http://www.vupen.com/english/advisories/2009/0933 XForce ISS Database: asterisk-username-info-disclosure(45059) https://exchange.xforce.ibmcloud.com/vulnerabilities/45059 Common Vulnerability Exposure (CVE) ID: CVE-2008-5558 BugTraq ID: 32773 http://www.securityfocus.com/bid/32773 Bugtraq: 20081210 AST-2008-012: Remote crash vulnerability in IAX2 (Google Search) http://www.securityfocus.com/archive/1/499117/100/0/threaded http://osvdb.org/50675 http://www.securitytracker.com/id?1021378 http://secunia.com/advisories/32956 http://securityreason.com/securityalert/4769 http://www.vupen.com/english/advisories/2008/3403 Common Vulnerability Exposure (CVE) ID: CVE-2009-0041 BugTraq ID: 33174 http://www.securityfocus.com/bid/33174 Bugtraq: 20090108 AST-2009-001: Information leak in IAX2 authentication (Google Search) http://www.securityfocus.com/archive/1/499884/100/0/threaded http://www.securitytracker.com/id?1021549 http://secunia.com/advisories/33453 http://securityreason.com/securityalert/4910 http://www.vupen.com/english/advisories/2009/0063
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com