FreeBSD : asterisk -- multiple vulnerabilities (0c39bafc-6771-11e3-868f-0025905a4771)

medium Nessus Plugin ID 71506

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Asterisk project reports :

A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash.

External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dialplan functions. Dialplan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain diaplan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.

Solution

Update the affected packages.

See Also

http://downloads.asterisk.org/pub/security/AST-2013-006.pdf

http://downloads.asterisk.org/pub/security/AST-2013-007.pdf

https://www.asterisk.org/downloads/security-advisories

http://www.nessus.org/u?f6d7329d

Plugin Details

Severity: Medium

ID: 71506

File Name: freebsd_pkg_0c39bafc677111e3868f0025905a4771.nasl

Version: 1.6

Type: local

Published: 12/18/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk10, p-cpe:/a:freebsd:freebsd:asterisk11, p-cpe:/a:freebsd:freebsd:asterisk18, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/17/2013

Vulnerability Publication Date: 12/16/2013

Reference Information

CVE: CVE-2013-7100