Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2460.NASLHistoryApr 26, 2012 - 12:00 a.m.
Debian DSA-2460-1 : asterisk - several vulnerabilities
2012-04-2600:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.955
Percentile
99.4%
Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit :
-
CVE-2012-1183 Russell Bryant discovered a buffer overflow in the Milliwatt application.
-
CVE-2012-2414 David Woolley discovered a privilege escalation in the Asterisk manager interface.
-
CVE-2012-2415 Russell Bryant discovered a buffer overflow in the Skinny driver.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2460. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(58880);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2012-1183", "CVE-2012-2414", "CVE-2012-2415");
script_bugtraq_id(52523, 53206, 53210);
script_xref(name:"DSA", value:"2460");
script_name(english:"Debian DSA-2460-1 : asterisk - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities were discovered in the Asterisk PBX and
telephony toolkit :
- CVE-2012-1183
Russell Bryant discovered a buffer overflow in the
Milliwatt application.
- CVE-2012-2414
David Woolley discovered a privilege escalation in the
Asterisk manager interface.
- CVE-2012-2415
Russell Bryant discovered a buffer overflow in the
Skinny driver."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2012-1183"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2012-2414"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2012-2415"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze/asterisk"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2012/dsa-2460"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the asterisk packages.
For the stable distribution (squeeze), this problem has been fixed in
version 1:1.6.2.9-2+squeeze5."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/26");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"6.0", prefix:"asterisk", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-config", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-dbg", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-dev", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-doc", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-h323", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-sounds-main", reference:"1:1.6.2.9-2+squeeze5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415
packages.debian.org/source/squeeze/asterisk
security-tracker.debian.org/tracker/CVE-2012-1183
security-tracker.debian.org/tracker/CVE-2012-2414
security-tracker.debian.org/tracker/CVE-2012-2415
www.debian.org/security/2012/dsa-2460
Related
debian
debian
[SECURITY] [DSA 2460-1] asterisk security update
2012-04-25 16:06:40
osv
osv
asterisk - several
2012-04-25 00:00:00
openvas
openvas
Debian Security Advisory DSA 2460-1 (asterisk)
2012-04-30 00:00:00
Debian: Security Advisory (DSA-2460-1)
2012-04-30 00:00:00
Fedora Update for asterisk FEDORA-2012-6612
2012-05-04 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: asterisk-1.8.11.1-1.fc16
2012-05-03 22:53:54
[SECURITY] Fedora 17 Update: asterisk-10.3.1-1.fc17
2012-05-04 22:52:14
[SECURITY] Fedora 15 Update: asterisk-1.8.11.1-1.fc15
2012-05-04 20:29:45
nessus
nessus
Fedora 16 : asterisk-1.8.11.1-1.fc16 (2012-6612)
2012-05-04 00:00:00
Fedora 17 : asterisk-10.3.1-1.fc17 (2012-6704)
2012-05-07 00:00:00
Fedora 15 : asterisk-1.8.11.1-1.fc15 (2012-6724)
2012-05-07 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2012-04-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk Skinny Channel Driver Heap Buffer Overflow (CVE-2012-2415)
2012-08-27 00:00:00
Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)
2014-12-28 00:00:00
Digium Asterisk Manager User Shell Command Execution (CVE-2012-2414)
2012-09-04 00:00:00
nvd
nvd
prion
prion
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
cvelist
cvelist
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2012-06-21 00:00:00
Asterisk: Multiple vulnerabilities
2012-03-28 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.955
Percentile
99.4%
Related for DEBIAN_DSA-2460.NASL