Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3964-1:27F1C
HistorySep 04, 2017 - 9:32 p.m.

[SECURITY] [DSA 3964-1] asterisk security update

2017-09-0421:32:18
lists.debian.org
13

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.961

Percentile

99.5%

JSON

Debian Security Advisory DSA-3964-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 04, 2017 https://www.debian.org/security/faq

Package : asterisk
CVE ID : CVE-2017-14099 CVE-2017-14100

Multiple vulnerabilities have been discovered in Asterisk, an open source
PBX and telephony toolkit, which may result in disclosure of RTP
connections or the execution of arbitrary shell commands.

For additional information please refer to the upstream advisories:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
http://downloads.asterisk.org/pub/security/AST-2017-006.html

For the oldstable distribution (jessie), these problems have been fixed
in version 1:11.13.1~dfsg-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed in
version 1:13.14.1~dfsg-2+deb9u1.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipselasterisk-mobile-dbgsym< 1:13.14.1~dfsg-2+deb9u1asterisk-mobile-dbgsym_1:13.14.1~dfsg-2+deb9u1_mipsel.deb
Debian9amd64asterisk-mysql-dbgsym< 1:13.14.1~dfsg-2+deb9u1asterisk-mysql-dbgsym_1:13.14.1~dfsg-2+deb9u1_amd64.deb
Debian8armhfasterisk-dahdi< 1:11.13.1~dfsg-2+deb8u3asterisk-dahdi_1:11.13.1~dfsg-2+deb8u3_armhf.deb
Debian8mipselasterisk-vpb< 1:11.13.1~dfsg-2+deb8u3asterisk-vpb_1:11.13.1~dfsg-2+deb8u3_mipsel.deb
Debian8kfreebsd-i386asterisk< 1:11.13.1~dfsg-2+deb8u3asterisk_1:11.13.1~dfsg-2+deb8u3_kfreebsd-i386.deb
Debian9i386asterisk< 1:13.14.1~dfsg-2+deb9u1asterisk_1:13.14.1~dfsg-2+deb9u1_i386.deb
Debian9mipsasterisk-ooh323< 1:13.14.1~dfsg-2+deb9u1asterisk-ooh323_1:13.14.1~dfsg-2+deb9u1_mips.deb
Debian8kfreebsd-i386asterisk-mysql< 1:11.13.1~dfsg-2+deb8u3asterisk-mysql_1:11.13.1~dfsg-2+deb8u3_kfreebsd-i386.deb
Debian8amd64asterisk-dbg< 1:11.13.1~dfsg-2+deb8u3asterisk-dbg_1:11.13.1~dfsg-2+deb8u3_amd64.deb
Debian8armelasterisk-mobile< 1:11.13.1~dfsg-2+deb8u3asterisk-mobile_1:11.13.1~dfsg-2+deb8u3_armel.deb
Rows per page:
1-10 of 4141

Related

osv 4
openvas 4
freebsd 2
nessus 7
gentoo 1
cve 2
ubuntucve 2
debiancve 2
prion 2
debian 1
cvelist 2
checkpoint_advisories 2
nvd 2
osv
osv
asterisk - security update
2017-09-04 00:00:00
asterisk - security update
2017-10-05 00:00:00
CVE-2017-14100
2017-09-02 16:29:00
openvas
openvas
Debian: Security Advisory (DSA-3964-1)
2017-09-03 00:00:00
Asterisk Multiple Vulnerabilities (Aug 2017)
2017-09-01 00:00:00
Debian: Security Advisory (DLA-1122-1)
2018-02-06 00:00:00
freebsd
freebsd
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
2017-08-31 00:00:00
asterisk -- RTP/RTCP information leak
2017-09-01 00:00:00
nessus
nessus
FreeBSD : asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm (c599f95c-8ee5-11e7-8be8-001999f8d30b)
2017-09-05 00:00:00
Debian DSA-3964-1 : asterisk - security update
2017-09-05 00:00:00
Asterisk 11.x < 11.25.2 / 11.6 < 11.6-cert17 / 13.x < 13.17.1 / 14.x < 14.6.1 / 13.13 < 13.13-cert5 Multiple Vulnerabilities (AST-2017-005 - AST-2017-007)
2017-09-05 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2017-10-29 00:00:00
cve
cve
CVE-2017-14100
2017-09-02 16:29:00
CVE-2017-14099
2017-09-02 16:29:00
ubuntucve
ubuntucve
CVE-2017-14099
2017-09-02 00:00:00
CVE-2017-14100
2017-09-02 00:00:00
debiancve
debiancve
CVE-2017-14099
2017-09-02 16:29:00
CVE-2017-14100
2017-09-02 16:29:00
prion
prion
Design/Logic Flaw
2017-09-02 16:29:00
Command injection
2017-09-02 16:29:00
debian
debian
[SECURITY] [DLA 1122-1] asterisk security update
2017-10-05 13:03:23
cvelist
cvelist
CVE-2017-14100
2017-09-02 16:00:00
CVE-2017-14099
2017-09-02 16:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
2017-10-08 00:00:00
Digium Asterisk RTP Stack Information Disclosure (CVE-2017-14099)
2017-09-28 00:00:00
nvd
nvd
CVE-2017-14100
2017-09-02 16:29:00
CVE-2017-14099
2017-09-02 16:29:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.961

Percentile

99.5%

JSON
Related for DEBIAN:DSA-3964-1:27F1C
osv4openvas4freebsd2nessus7gentoo1cve2ubuntucve2debiancve2prion2debian1cvelist2checkpoint_advisories2nvd2