Vulnerabilities > CVE-2008-3263 - Resource Management Errors vulnerability in Asterisk

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
asterisk
CWE-399
nessus
exploit available

Summary

The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.

Vulnerable Configurations

Part Description Count
Application
Asterisk
108

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionAsterisk 1.6 IAX 'POKE' Requests Remote Denial of Service Vulnerability. CVE-2008-3263,CVE-47253. Dos exploit for linux platform
idEDB-ID:32095
last seen2016-02-03
modified2008-07-21
published2008-07-21
reporterBlake Cornell
sourcehttps://www.exploit-db.com/download/32095/
titleAsterisk <= 1.6 IAX 'POKE' Requests Remote Denial of Service Vulnerability

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6676.NASL
    descriptionUpdate to 1.4.21.2 to fix CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 / AST-2008-011. AST-2008-010: Asterisk IAX
    last seen2020-06-01
    modified2020-06-02
    plugin id33569
    published2008-07-24
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33569
    titleFedora 8 : asterisk-1.4.21.2-1.fc8 (2008-6676)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-6676.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33569);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_cve_id("CVE-2008-3263", "CVE-2008-3264");
      script_xref(name:"FEDORA", value:"2008-6676");
    
      script_name(english:"Fedora 8 : asterisk-1.4.21.2-1.fc8 (2008-6676)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 1.4.21.2 to fix CVE-2008-3263 / AST-2008-010 and
    CVE-2008-3264 / AST-2008-011. AST-2008-010: Asterisk IAX 'POKE'
    resource exhaustion -
    http://downloads.digium.com/pub/security/AST-2008-010.html
    AST-2008-011: Traffic amplification in IAX2 firmware provisioning
    system - http://downloads.digium.com/pub/security/AST-2008-011.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://downloads.digium.com/pub/security/AST-2008-010.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://downloads.digium.com/pub/security/AST-2008-010.html"
      );
      # http://downloads.digium.com/pub/security/AST-2008-011.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://downloads.digium.com/pub/security/AST-2008-011.html"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012719.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?36e87fce"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected asterisk package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"asterisk-1.4.21.2-1.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-6853.NASL
    descriptionSecurity fixes for CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 / AST-2008-011: AST-2008-010: Asterisk IAX
    last seen2020-06-01
    modified2020-06-02
    plugin id33768
    published2008-07-31
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33768
    titleFedora 9 : asterisk-1.6.0-0.19.beta9.fc9 (2008-6853)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-6853.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33768);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:28");
    
      script_xref(name:"FEDORA", value:"2008-6853");
    
      script_name(english:"Fedora 9 : asterisk-1.6.0-0.19.beta9.fc9 (2008-6853)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fixes for CVE-2008-3263 / AST-2008-010 and CVE-2008-3264 /
    AST-2008-011: AST-2008-010: Asterisk IAX 'POKE' resource exhaustion -
    http://downloads.digium.com/pub/security/AST-2008-010.html
    AST-2008-011: Traffic amplification in IAX2 firmware provisioning
    system - http://downloads.digium.com/pub/security/AST-2008-011.html
    Bugfixes: - Add patch SVN patch for asterisk crash when used with LDAP
    backend (#442011)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://downloads.digium.com/pub/security/AST-2008-010.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://downloads.digium.com/pub/security/AST-2008-010.html"
      );
      # http://downloads.digium.com/pub/security/AST-2008-011.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://downloads.digium.com/pub/security/AST-2008-011.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=442011"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/013178.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43fe37e3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected asterisk package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"asterisk-1.6.0-0.19.beta9.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200905-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200905-01 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IAX2 channel driver when performing the 3-way handshake (CVE-2008-1897), when handling a large number of POKE requests (CVE-2008-3263), when handling authentication attempts (CVE-2008-5558) and when handling firmware download (FWDOWNL) requests (CVE-2008-3264). Asterisk does also not correctly handle SIP INVITE messages that lack a
    last seen2020-06-01
    modified2020-06-02
    plugin id38677
    published2009-05-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38677
    titleGLSA-200905-01 : Asterisk: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200905-01.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38677);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2008-1897", "CVE-2008-2119", "CVE-2008-3263", "CVE-2008-3264", "CVE-2008-3903", "CVE-2008-5558", "CVE-2009-0041");
      script_bugtraq_id(28901, 33174);
      script_xref(name:"GLSA", value:"200905-01");
    
      script_name(english:"GLSA-200905-01 : Asterisk: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200905-01
    (Asterisk: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in the IAX2 channel
        driver when performing the 3-way handshake (CVE-2008-1897), when
        handling a large number of POKE requests (CVE-2008-3263), when handling
        authentication attempts (CVE-2008-5558) and when handling firmware
        download (FWDOWNL) requests (CVE-2008-3264). Asterisk does also not
        correctly handle SIP INVITE messages that lack a 'From' header
        (CVE-2008-2119), and responds differently to a failed login attempt
        depending on whether the user account exists (CVE-2008-3903,
        CVE-2009-0041).
      
    Impact :
    
        Remote unauthenticated attackers could send specially crafted data to
        Asterisk, possibly resulting in a Denial of Service via a daemon crash,
        call-number exhaustion, CPU or traffic consumption. Remote
        unauthenticated attackers could furthermore enumerate valid usernames
        to facilitate brute-force login attempts.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200905-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Asterisk users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.32'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 200, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:asterisk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-misc/asterisk", unaffected:make_list("ge 1.2.32"), vulnerable:make_list("lt 1.2.32"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Asterisk");
    }
    
  • NASL familyDenial of Service
    NASL idASTERISK_IAX2_POKE_EXHAUST.NASL
    descriptionThe version of Asterisk running on the remote host consumes an IAX2 call number while waiting for an ACK packet in response to a PONG packet. By flooding the affected service with POKE requests, an unauthenticated, remote attacker can leverage this issue to exhaust all available call numbers and prevent legitimate IAX2 calls from getting through.
    last seen2020-06-01
    modified2020-06-02
    plugin id33576
    published2008-07-25
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33576
    titleAsterisk IAX2 (IAX) POKE Request Saturation Resource Exhaustion Remote DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33576);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      script_cve_id("CVE-2008-3263");
      script_bugtraq_id(30321);
      script_xref(name:"Secunia", value:"31178");
    
      script_name(english:"Asterisk IAX2 (IAX) POKE Request Saturation Resource Exhaustion Remote DoS");
      script_summary(english:"Sends a POKE and examines src callno in the PONG");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VoIP service is susceptible to a remote denial of service
    attack.");
      script_set_attribute(attribute:"description", value:
    "The version of Asterisk running on the remote host consumes an IAX2
    call number while waiting for an ACK packet in response to a PONG
    packet.  By flooding the affected service with POKE requests, an
    unauthenticated, remote attacker can leverage this issue to exhaust all
    available call numbers and prevent legitimate IAX2 calls from getting
    through.");
      script_set_attribute(attribute:"see_also", value:"http://downloads.digium.com/pub/security/AST-2008-010.html");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/494675/30/0/threaded");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Asterisk Open Source 1.4.21.2 / 1.2.30, Asterisk Business
    Edition C.2.0.3 / C.1.10.3 / B.2.5.4, s800i (Asterisk Appliance) 1.2.0.1
    or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(399);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/22");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:asterisk:asterisk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Denial of Service");
    
      script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
    
      script_dependencies("iax2_detection.nasl");
      script_require_keys("Services/udp/iax2");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("byte_func.inc");
    
    
    port = get_kb_item("Services/udp/iax2");
    if (!port) port = 4569;
    if (!get_udp_port_state(port)) audit(AUDIT_PORT_CLOSED, port, "UDP");
    
    for (iter=0; iter<2; iter++)
    {
      soc = open_sock_udp(port);
      if (!soc) audit(AUDIT_SOCK_FAIL, port, "UDP");
    
      # Send a POKE.
      src_call = rand() % 0xff;
    
      poke =
        mkword((1 << 15) | src_call) +     # 'F' bit + source call number
        mkword(0) +                        # 'R' bit + dest call number
        mkdword(0) +                       # timestamp
        mkbyte(0) +                        # OSeqno
        mkbyte(0) +                        # ISeqno
        mkbyte(6) +                        # frametype, 6 => IAX frame
        mkbyte(0x1e);                      # 'C' bit + subclass, 0x1e => POKE request
      send(socket:soc, data:poke);
      pong = recv(socket:soc, length:128);
      if (strlen(pong) == 0) exit(0);
    
      # If we get a PONG...
      if (
        getword(blob:pong, pos:0) > 0x8000 &&
        getword(blob:pong, pos:2) & 0x7fff == src_call &&
        getbyte(blob:pong, pos:10) == 6 &&
        getbyte(blob:pong, pos:11) == 3
      )
      {
        # Send an ACK so the call number doesn't remain allocated.
        callid = getword(blob:pong, pos:0) ^ 0x8000;
        seqo = getbyte(blob:pong, pos:8);
        seqi = getbyte(blob:pong, pos:9);
        ts = getdword(blob:pong, pos:4);
    
        ack =
          mkword((1 << 15) | src_call) +   # 'F' bit + source call number
          mkword(callid) +                 # 'R' bit + dest call number
          mkdword(ts) +                    # timestamp
          mkbyte(seqo) +                   # OSeqno
          mkbyte(seqi) +                   # ISeqno
          mkbyte(6) +                      # frametype, 6 => IAX frame
          mkbyte(4);                       # 'C' bit + subclass, 4 => ACK
        send(socket:soc, data:ack);
    
        # There's a problem if the source call id is not 1.
        if (callid != 1)
        {
          security_warning(port:port, proto:"udp");
          exit(0);
        }
      }
      # Exit because it doesn't seem to support IAX2.
      else exit(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_ASTERISK-5524.NASL
    descriptionThis security update fixes multiple security vulnerabilities in asterisk (CVE-2008-1897, CVE-2008-2119, CVE-2008-3263, CVE-2008-3264).
    last seen2020-06-01
    modified2020-06-02
    plugin id33894
    published2008-08-15
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33894
    titleopenSUSE 10 Security Update : asterisk (asterisk-5524)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update asterisk-5524.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33894);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2008-1897", "CVE-2008-2119", "CVE-2008-3263", "CVE-2008-3264");
    
      script_name(english:"openSUSE 10 Security Update : asterisk (asterisk-5524)");
      script_summary(english:"Check for the asterisk-5524 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This security update fixes multiple security vulnerabilities in
    asterisk (CVE-2008-1897, CVE-2008-2119, CVE-2008-3263, CVE-2008-3264)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected asterisk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_cwe_id(20, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk-spandsp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:asterisk-zaptel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"asterisk-1.2.13-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"asterisk-alsa-1.2.13-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"asterisk-odbc-1.2.13-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"asterisk-pgsql-1.2.13-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"asterisk-spandsp-1.2.13-31") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"asterisk-zaptel-1.2.13-31") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk / asterisk-alsa / asterisk-odbc / asterisk-pgsql / etc");
    }