Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-455-1
HistoryMay 03, 2016 - 12:00 a.m.

asterisk - security update

2016-05-0300:00:00
Google
osv.dev
9

0.892 High

EPSS

Percentile

98.8%

JSON
  • CVE-2014-6610
    Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1
    and Certified Asterisk 11.6 before 11.6-cert6, when using the
    res_fax_spandsp module, allows remote authenticated users to
    cause a denial of service (crash) via an out of call message,
    which is not properly handled in the ReceiveFax dialplan
    application.
  • CVE-2014-4046
    Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1
    and Certified Asterisk 11.6 before 11.6-cert3 allows remote
    authenticated Manager users to execute arbitrary shell commands
    via a MixMonitor action.
  • CVE-2014-2286
    main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x
    before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk
    1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote
    attackers to cause a denial of service (stack consumption) and
    possibly execute arbitrary code via an HTTP request with a large
    number of Cookie headers.
  • CVE-2014-8412
    The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager
    Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1,
    11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1
    and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before
    11.6-cert8 allows remote attackers to bypass the ACL restrictions
    via a packet with a source IP that does not share the address family
    as the first ACL entry.
  • CVE-2014-8418
    The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32,
    11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and
    Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8
    allows remote authenticated users to gain privileges via a call from
    an external protocol, as demonstrated by the AMI protocol.
  • CVE-2015-3008
    Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x
    before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28
    before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before
    13.1-cert2, when registering a SIP TLS device, does not properly
    handle a null byte in a domain name in the subject’s Common Name (CN)
    field of an X.509 certificate, which allows man-in-the-middle attackers
    to spoof arbitrary SSL servers via a crafted certificate issued by a
    legitimate Certification Authority.

For Debian 7 Wheezy, these issues have been fixed in asterisk version 1:1.8.13.1~dfsg1-3+deb7u4

Related

nessus 22
openvas 18
debian 2
freebsd 4
cve 6
nvd 6
ubuntucve 6
debiancve 6
mageia 5
cvelist 6
gentoo 4
prion 6
securityvulns 6
checkpoint_advisories 2
seebug 1
fedora 3
nessus
nessus
Debian DLA-455-1 : asterisk security update
2016-05-04 00:00:00
Asterisk Multiple Vulnerabilities (AST-2014-012 / AST-2014-018)
2014-11-25 00:00:00
FreeBSD : asterisk -- Multiple vulnerabilities (a92ed304-716c-11e4-b008-001999f8d30b)
2014-11-24 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-455-1)
2023-03-08 00:00:00
Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)
2016-08-08 00:00:00
Gentoo Security Advisory GLSA 201412-51
2015-09-29 00:00:00
debian
debian
[SECURITY] [DLA 455-1] asterisk security update
2016-05-03 20:31:18
[SECURITY] [DSA 3700-1] asterisk security update
2016-10-25 20:48:34
freebsd
freebsd
asterisk -- Multiple vulnerabilities
2014-11-21 00:00:00
asterisk -- TLS Certificate Common name NULL byte exploit
2015-04-04 00:00:00
asterisk -- multiple vulnerabilities
2014-06-12 00:00:00
cve
cve
CVE-2014-8418
2014-11-24 15:59:10
CVE-2015-3008
2015-04-10 15:00:10
CVE-2014-2286
2014-04-18 22:14:37
nvd
nvd
CVE-2014-8418
2014-11-24 15:59:10
CVE-2015-3008
2015-04-10 15:00:10
CVE-2014-6610
2014-11-26 15:59:02
ubuntucve
ubuntucve
CVE-2014-8418
2014-11-24 00:00:00
CVE-2015-3008
2015-04-10 00:00:00
CVE-2014-6610
2014-11-26 00:00:00
debiancve
debiancve
CVE-2014-8418
2014-11-24 15:59:10
CVE-2015-3008
2015-04-10 15:00:10
CVE-2014-6610
2014-11-26 15:59:02
mageia
mageia
Updated asterisk packages fix CVE-2015-3008
2015-04-15 12:01:28
Updated asterisk packages fix security vulnerabilities
2014-04-15 22:22:45
Updated asterisk packages fix CVE-2014-6610 and mitigate POODLE
2014-11-26 20:29:06
cvelist
cvelist
CVE-2015-3008
2015-04-10 14:00:00
CVE-2014-8418
2014-11-24 15:00:00
CVE-2014-2286
2014-04-18 19:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2014-12-28 00:00:00
Asterisk: Multiple Vulnerabilities
2014-11-23 00:00:00
Asterisk: Multiple vulnerabilities
2014-06-25 00:00:00
prion
prion
Design/Logic Flaw
2015-04-10 15:00:00
Code injection
2014-11-26 15:59:00
Design/Logic Flaw
2014-11-24 15:59:00
securityvulns
securityvulns
Asterisk certificate validation bypass
2015-04-13 00:00:00
AST-2015-003: TLS Certificate Common name NULL byte exploit
2015-04-13 00:00:00
AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.
2014-03-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk Cookie Stack Overflow (CVE-2014-2286)
2014-04-13 00:00:00
Multiple Vendors TLS Certificate Common Name NULL Byte Input Validation Error (CVE-2015-3008; CVE-2015-3455)
2015-05-21 00:00:00
seebug
seebug
Asteriskη‰ΉεˆΆHTTP Cookieε€„η†ζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-03-13 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: asterisk-13.3.2-1.fc22
2015-07-21 08:17:44
[SECURITY] Fedora 19 Update: asterisk-11.8.1-1.fc19
2014-03-21 09:29:33
[SECURITY] Fedora 20 Update: asterisk-11.8.1-1.fc20
2014-03-21 09:36:05

0.892 High

EPSS

Percentile

98.8%

JSON
Related for OSV:DLA-455-1
nessus22openvas18debian2freebsd4cve6nvd6ubuntucve6debiancve6mageia5cvelist6gentoo4prion6securityvulns6checkpoint_advisories2seebug1fedora3