The remote host is affected by the vulnerability described in GLSA-201206-05 (Asterisk: Multiple vulnerabilities)

    Multiple vulnerabilities have been found in Asterisk:
      An error in manager.c allows shell access through the MixMonitor         application, GetVar, or Status (CVE-2012-2414).
      An error in chan_skinny.c could cause a heap-based buffer overflow         (CVE-2012-2415).
      An error in chan_sip.c prevents Asterisk from checking if a channel         exists before connected line updates (CVE-2012-2416).
      An error in chan_iax2.c may cause an invalid pointer to be called         (CVE-2012-2947).
      chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).
  Impact :

    A remote attacker could execute arbitrary code with the privileges of       the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit :

  - CVE-2012-1183     Russell Bryant discovered a buffer overflow in the     Milliwatt application.

  - CVE-2012-2414     David Woolley discovered a privilege escalation in the     Asterisk manager interface.

  - CVE-2012-2415     Russell Bryant discovered a buffer overflow in the     Skinny driver.

The Asterisk Development Team has announced security releases for Asterisk 1.6.2, 1.8, and 10. The available security releases are released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following two issues :

  - A permission escalation vulnerability in Asterisk     Manager Interface. This would potentially allow remote     authenticated users the ability to execute commands on     the system shell with the privileges of the user running     the Asterisk application.

  - A heap overflow vulnerability in the Skinny Channel     driver. The keypad button message event failed to check     the length of a fixed length buffer before appending a     received digit to the end of that buffer. A remote     authenticated user could send sufficient keypad button     message events that the buffer would be overrun.

In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following issue :

  - A remote crash vulnerability in the SIP channel driver     when processing UPDATE requests. If a SIP UPDATE request     was received indicating a connected line update after a     channel was terminated but before the final destruction     of the associated SIP dialog, Asterisk would attempt a     connected line update on a non-existing channel, causing     a crash.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs :

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.6.2.24 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.11.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-10.3.1

The security advisories are available at :

  -     http://downloads.asterisk.org/pub/security/AST-2012-004.
    pdf

    -       http://downloads.asterisk.org/pub/security/AST-2012-00       5.pdf

    -       http://downloads.asterisk.org/pub/security/AST-2012-00       6.pdf

Update to 1.8.11.0 Update to 1.8.10.1, which fixes 2 security vulnerabilities.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Asterisk project reports :

Remote Crash Vulnerability in SIP Channel Driver

Heap Buffer Overflow in Skinny Channel Driver

Asterisk Manager User Unauthorized Shell Access

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server, or possibly inject arbitrary code by sending repeated KEYPAD_BUTTON_MESSAGE events over a Skinny channel to overflow a buffer.

The Asterisk Development Team has announced security releases for Asterisk 1.6.2, 1.8, and 10. The available security releases are released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following two issues :

  - A permission escalation vulnerability in Asterisk     Manager Interface. This would potentially allow remote     authenticated users the ability to execute commands on     the system shell with the privileges of the user running     the Asterisk application.

  - A heap overflow vulnerability in the Skinny Channel     driver. The keypad button message event failed to check     the length of a fixed length buffer before appending a     received digit to the end of that buffer. A remote     authenticated user could send sufficient keypad button     message events that the buffer would be overrun.

In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following issue :

  - A remote crash vulnerability in the SIP channel driver     when processing UPDATE requests. If a SIP UPDATE request     was received indicating a connected line update after a     channel was terminated but before the final destruction     of the associated SIP dialog, Asterisk would attempt a     connected line update on a non-existing channel, causing     a crash.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs :

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.6.2.24 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.11.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-10.3.1

The security advisories are available at :

  -     http://downloads.asterisk.org/pub/security/AST-2012-004.
    pdf

    -       http://downloads.asterisk.org/pub/security/AST-2012-00       5.pdf

    -       http://downloads.asterisk.org/pub/security/AST-2012-00       6.pdf

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
59633	GLSA-201206-05 : Asterisk: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	6/21/2012	1/6/2021	medium
58880	Debian DSA-2460-1 : asterisk - several vulnerabilities	Nessus	Debian Local Security Checks	4/26/2012	1/11/2021	medium
58981	Fedora 16 : asterisk-1.8.11.1-1.fc16 (2012-6612)	Nessus	Fedora Local Security Checks	5/4/2012	1/11/2021	high
58837	FreeBSD : asterisk -- multiple vulnerabilities (1c5abbe2-8d7f-11e1-a374-14dae9ebcf89)	Nessus	FreeBSD Local Security Checks	4/24/2012	1/6/2021	medium
58905	Asterisk Heap-Based Buffer Overflow in Skinny Channel Driver (AST-2012-005)	Nessus	Misc.	4/27/2012	4/11/2022	high
59002	Fedora 17 : asterisk-10.3.1-1.fc17 (2012-6704)	Nessus	Fedora Local Security Checks	5/7/2012	1/11/2021	high
59003	Fedora 15 : asterisk-1.8.11.1-1.fc15 (2012-6724)	Nessus	Fedora Local Security Checks	5/7/2012	1/11/2021	medium

Detections

Analytics

Plugins Search

medium

medium

high

medium

high

high

medium