FreeBSD Local Security Checks : FreeBSD Ports: asterisk14

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.69996

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: asterisk14

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

asterisk14
asterisk16
asterisk18

CVE-2011-2529
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x
before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle
'\0' characters in SIP packets, which allows remote attackers to cause
a denial of service (memory corruption) or possibly have unspecified
other impact via a crafted packet.

CVE-2011-2535
chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x
before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3,
and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory
address contained in an option control frame, which allows remote
attackers to cause a denial of service (daemon crash) or possibly have
unspecified other impact via a crafted frame.

CVE-2011-2536
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x
before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4,
and Asterisk Business Edition C.3.x before C.3.7.3, disregards the
alwaysauthreject option and generates different responses for invalid
SIP requests depending on whether the user account exists, which
allows remote attackers to enumerate account names via a series of
requests.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2529
BugTraq ID: 48431
http://www.securityfocus.com/bid/48431
Debian Security Information: DSA-2276 (Google Search)
http://www.debian.org/security/2011/dsa-2276
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html
http://www.osvdb.org/73307
http://securitytracker.com/id?1025706
http://secunia.com/advisories/45048
http://secunia.com/advisories/45201
http://secunia.com/advisories/45239
XForce ISS Database: asterisk-sipsockread-dos(68203)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68203
Common Vulnerability Exposure (CVE) ID: CVE-2011-2535
http://www.osvdb.org/73309
http://securitytracker.com/id?1025708
http://secunia.com/advisories/44973
XForce ISS Database: asterisk-iax2channeldriver-dos(68205)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68205
Common Vulnerability Exposure (CVE) ID: CVE-2011-2536
http://www.securitytracker.com/id?1025734

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.69996
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: asterisk14
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: asterisk14 asterisk16 asterisk18 CVE-2011-2529 chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. CVE-2011-2535 chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. CVE-2011-2536 chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2529 BugTraq ID: 48431 http://www.securityfocus.com/bid/48431 Debian Security Information: DSA-2276 (Google Search) http://www.debian.org/security/2011/dsa-2276 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html http://www.osvdb.org/73307 http://securitytracker.com/id?1025706 http://secunia.com/advisories/45048 http://secunia.com/advisories/45201 http://secunia.com/advisories/45239 XForce ISS Database: asterisk-sipsockread-dos(68203) https://exchange.xforce.ibmcloud.com/vulnerabilities/68203 Common Vulnerability Exposure (CVE) ID: CVE-2011-2535 http://www.osvdb.org/73309 http://securitytracker.com/id?1025708 http://secunia.com/advisories/44973 XForce ISS Database: asterisk-iax2channeldriver-dos(68205) https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 Common Vulnerability Exposure (CVE) ID: CVE-2011-2536 http://www.securitytracker.com/id?1025734
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com