Debian dla-3696 : asterisk - security update

critical Nessus Plugin ID 214468

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3696 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3696-1
[email protected]
https://www.debian.org/lts/security/
Markus Koschany
December 28, 2023
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : asterisk
Version : 1:16.28.0~dfsg-0+deb10u4
CVE ID : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786
Debian Bug : 1059303 1059032 1059033

Multiple security vulnerabilities have been discovered in Asterisk, an Open Source Private Branch Exchange.

CVE-2023-37457

The 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur.

CVE-2023-38703

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce a use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability's impact may range from unexpected application termination to control flow hijack/memory corruption.

CVE-2023-49294

It is possible to read any arbitrary file even when the `live_dangerously` option is not enabled.

CVE-2023-49786

Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP.

For Debian 10 buster, these problems have been fixed in version 1:16.28.0~dfsg-0+deb10u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the asterisk packages.

See Also

https://security-tracker.debian.org/tracker/source-package/asterisk

https://packages.debian.org/source/buster/asterisk

https://security-tracker.debian.org/tracker/CVE-2023-37457

https://security-tracker.debian.org/tracker/CVE-2023-38703

https://security-tracker.debian.org/tracker/CVE-2023-49294

https://security-tracker.debian.org/tracker/CVE-2023-49786

Plugin Details

Severity: Critical

ID: 214468

File Name: debian_DLA-3696.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/22/2025

Updated: 1/22/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-38703

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:asterisk, p-cpe:/a:debian:debian_linux:asterisk-config, p-cpe:/a:debian:debian_linux:asterisk-dahdi, p-cpe:/a:debian:debian_linux:asterisk-dev, p-cpe:/a:debian:debian_linux:asterisk-doc, p-cpe:/a:debian:debian_linux:asterisk-mobile, p-cpe:/a:debian:debian_linux:asterisk-modules, p-cpe:/a:debian:debian_linux:asterisk-mp3, p-cpe:/a:debian:debian_linux:asterisk-mysql, p-cpe:/a:debian:debian_linux:asterisk-ooh323, p-cpe:/a:debian:debian_linux:asterisk-voicemail, p-cpe:/a:debian:debian_linux:asterisk-voicemail-imapstorage, p-cpe:/a:debian:debian_linux:asterisk-voicemail-odbcstorage, p-cpe:/a:debian:debian_linux:asterisk-vpb, p-cpe:/a:debian:debian_linux:asterisk-tests

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/28/2023

Vulnerability Publication Date: 10/6/2023

Reference Information

CVE: CVE-2023-37457, CVE-2023-38703, CVE-2023-49294, CVE-2023-49786