Vulnerabilities > CVE-2012-2948 - Resource Management Errors vulnerability in Asterisk Certified Asterisk and Open Source
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Misc. NASL id ASTERISK_AST_2012_008.NASL description According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP (Skinny) ID and closes a connection when in certain call states. A NULL pointer is left behind and can cause the server to crash when the pointer is later dereferenced. last seen 2020-06-01 modified 2020-06-02 plugin id 59504 published 2012-06-14 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59504 title Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008) code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: flag Asterisk installs whose version, as recorded in the
# sip/asterisk/*/version KB entries, is older than the releases that fix
# AST-2012-008 (CVE-2012-2948, NULL pointer dereference in the Skinny
# channel driver).
#
# The check compares version strings only. Nothing below contacts the
# Skinny (SCCP) service or confirms that the Skinny channel driver is in
# use, so a hit means "version is in the affected range", not "confirmed
# exploitable". That is why the plugin sets potential_vulnerability and
# only reports when report_paranoia is 2 or higher.
#

include("compat.inc");

if (description)
{
  script_id(59504);
  script_version("1.12");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2012-2948");
  script_bugtraq_id(53723);

  script_name(english:"Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)");
  script_summary(english:"Checks version in SIP banner");

  script_set_attribute(attribute:"synopsis", value:
"A telephony application running on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP (Skinny) ID and closes a connection when in certain call states. 
A NULL pointer is left behind and can cause the server to crash when the pointer is later dereferenced.");
  script_set_attribute(attribute:"see_also", value:"https://issues.asterisk.org/jira/browse/ASTERISK-19905");
  script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2012-008.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Asterisk 1.8.12.1 / 10.4.1 / 1.8.11-cert-2 or apply the patches listed in the Asterisk advisory.");

  # CVSS v2 base vector: network-reachable, low complexity, single
  # authentication (Au:S), availability impact only (A:P).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2948");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/14");

  # Marks the finding as unconfirmed: it is derived from a version string.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:digium:asterisk");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # The KB keys read below are presumably written by asterisk_detection.nasl
  # (not shown here) - confirm against that plugin.
  script_dependencies("asterisk_detection.nasl");
  script_require_keys("asterisk/sip_detected", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

get_kb_item_or_exit("asterisk/sip_detected");

# see if we were able to get version info from the Asterisk SIP services
asterisk_kbs = get_kb_list("sip/asterisk/*/version");
if (isnull(asterisk_kbs)) exit(1, "Could not obtain any version information from the Asterisk SIP instance(s).");

# Prevent potential false positives.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

is_vuln = FALSE;
not_vuln_installs = make_list();
errors = make_list();

# One pass per detected SIP listener; the KB key name carries proto and port.
foreach kb_name (keys(asterisk_kbs))
{
  vulnerable = 0;

  matches = eregmatch(pattern:"/(udp|tcp)/([0-9]+)/version", string:kb_name);
  if (isnull(matches))
  {
    errors = make_list(errors, "Unexpected error parsing port number from kb name: "+kb_name);
    continue;
  }

  proto = matches[1];
  port = matches[2];
  version = asterisk_kbs[kb_name];

  if (version == 'unknown')
  {
    errors = make_list(errors, "Unable to obtain version of install on " + proto + "/" + port);
    continue;
  }

  banner = get_kb_item("sip/asterisk/" + proto + "/" + port + "/source");
  if (!banner)
  {
    # We have version but banner is missing; log error
    # and use in version-check though.
    # Because an entry is added to 'errors', the script ends with
    # exit(1, ...) after the loop even if this install is reported.
    errors = make_list(errors, "KB item 'sip/asterisk/" + proto + "/" + port + "/source' is missing");
    banner = 'unknown';
  }

  # Pick the fixed release for the detected branch. A negative 'vulnerable'
  # value is what the test further down treats as affected.
  if (version =~ "^1\.8([^0-9]|$)" && "cert" >!< tolower(version))
  {
    # Open Source 1.8.x (version strings containing "cert" are excluded).
    fixed = "1.8.12.1";
    vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk");
  }
  else if (version =~ "^1\.8\.11-cert1([^0-9]|$)")
  {
    # Certified Asterisk 1.8.11-cert1 is flagged without a comparison.
    fixed = "1.8.11-cert2";
    vulnerable = -1;
  }
  else if (version =~ "^10([^0-9]|$)")
  {
    # Open Source 10.x.
    fixed = "10.4.1";
    vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk");
  }
  # Any other version string matches no branch, leaves 'vulnerable' at 0 and
  # is recorded below as not affected.

  if (vulnerable < 0)
  {
    is_vuln = TRUE;
    if (report_verbosity > 0)
    {
      report =
        '\n Version source : ' + banner +
        '\n Installed version : ' + version +
        '\n Fixed version : ' + fixed + '\n';
      security_warning(port:port, proto:proto, extra:report);
    }
    else security_warning(port:port, proto:proto);
  }
  else not_vuln_installs = make_list(not_vuln_installs, version + " on port " + proto + "/" + port);
}

# Final status: any collected error takes precedence and ends the script with
# exit code 1; otherwise summarise the installs that were not affected.
if (max_index(errors))
{
  if (max_index(errors) == 1) errmsg = errors[0];
  else errmsg = 'Errors were encountered verifying installs : \n ' + join(errors, sep:'\n ');

  exit(1, errmsg);
}
else
{
  installs = max_index(not_vuln_installs);
  if (installs == 0)
  {
    if (is_vuln) exit(0);
    else audit(AUDIT_NOT_INST, "Asterisk");
  }
  else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, "Asterisk " + not_vuln_installs[0]);
  else exit(0, "The Asterisk installs (" + join(not_vuln_installs, sep:", ") + ") are not affected.");
}
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_359F615DA9E111E18A6614DAE9EBCF89.NASL description Asterisk project reports : Remote crash vulnerability in IAX2 channel driver. Skinny Channel Driver Remote Crash Vulnerability last seen 2020-06-01 modified 2020-06-02 plugin id 59302 published 2012-05-30 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59302 title FreeBSD : asterisk -- multiple vulnerabilities (359f615d-a9e1-11e1-8a66-14dae9ebcf89) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Purpose: local (credentialed) package check. It reports when an installed
# asterisk16 / asterisk18 / asterisk10 package falls in the version ranges
# listed at the bottom of the script. The plugin covers both CVE-2012-2947
# and CVE-2012-2948, so a hit does not say which of the two applies.
#

include("compat.inc");

if (description)
{
  script_id(59302);
  script_version("1.8");
  script_cvs_date("Date: 2018/12/19 13:21:18");

  script_cve_id("CVE-2012-2947", "CVE-2012-2948");

  script_name(english:"FreeBSD : asterisk -- multiple vulnerabilities (359f615d-a9e1-11e1-8a66-14dae9ebcf89)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote FreeBSD host is missing one or more security-related updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Asterisk project reports : Remote crash vulnerability in IAX2 channel driver. 
Skinny Channel Driver Remote Crash Vulnerability"
  );
  # http://downloads.digium.com/pub/security/AST-2012-007.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://downloads.digium.com/pub/security/AST-2012-007.html"
  );
  # http://downloads.digium.com/pub/security/AST-2012-008.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://downloads.digium.com/pub/security/AST-2012-008.html"
  );
  # https://www.asterisk.org/security
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.asterisk.org/downloads/security-advisories"
  );
  # https://vuxml.freebsd.org/freebsd/359f615d-a9e1-11e1-8a66-14dae9ebcf89.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?57bdeb4f"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk18");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}

include("audit.inc");
include("freebsd_package.inc");

# Preconditions: local checks enabled, host identified as FreeBSD, and a
# package list present in the KB. Each missing item ends the run via audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

# 'flag' counts how many of the package range tests matched.
# pkg_test() comes from freebsd_package.inc (not shown); presumably it
# matches the installed package list against the given name/range - confirm.
flag = 0;

if (pkg_test(save_report:TRUE, pkg:"asterisk16>1.6.*<=1.6.2.24")) flag++;
if (pkg_test(save_report:TRUE, pkg:"asterisk18>1.8.*<1.8.12.1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"asterisk10>10.*<10.4.1")) flag++;

if (flag)
{
  # port:0 - the finding is attached to the host rather than a service port.
  if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2493.NASL description Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. - CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled). - CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names. (CVE-2011-2666 ) System administrators concerned by this user enumerating vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility. last seen 2020-03-17 modified 2012-06-29 plugin id 59771 published 2012-06-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59771 title Debian DSA-2493-1 : asterisk - denial of service code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2493. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Purpose: local (credentialed) package check for DSA-2493 on Debian 6.0.
# It reports when any of the listed asterisk packages fails the deb_check()
# test against reference version 1:1.6.2.9-2+squeeze6.
#
# Scope note: the advisory text also discusses the alwaysauthreject default
# (CVE-2011-2666), but this script registers only CVE-2012-2947 and
# CVE-2012-2948 and performs package-version checks only. It does not read
# the Asterisk configuration, so that setting has to be reviewed separately.
#

include("compat.inc");

if (description)
{
  script_id(59771);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2947", "CVE-2012-2948");
  script_bugtraq_id(53722, 53723);
  script_xref(name:"DSA", value:"2493");

  script_name(english:"Debian DSA-2493-1 : asterisk - denial of service");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. - CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled). - CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names. (CVE-2011-2666 ) System administrators concerned by this user enumerating vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2947"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2948"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2666"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/asterisk"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2493"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the asterisk packages. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze6."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: local checks enabled, host identified as Debian, and dpkg
# output present in the KB. Each missing item ends the run via audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# 'flag' counts the packages for which deb_check() returned true.
# deb_check() comes from debian_package.inc (not shown); presumably it is
# true when the installed package is older than 'reference' - confirm.
flag = 0;
if (deb_check(release:"6.0", prefix:"asterisk", reference:"1:1.6.2.9-2+squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-config", reference:"1:1.6.2.9-2+squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-dbg", reference:"1:1.6.2.9-2+squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-dev", reference:"1:1.6.2.9-2+squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-doc", reference:"1:1.6.2.9-2+squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-h323", reference:"1:1.6.2.9-2+squeeze6")) flag++;
if (deb_check(release:"6.0", prefix:"asterisk-sounds-main", reference:"1:1.6.2.9-2+squeeze6")) flag++;

if (flag)
{
  # port:0 - the finding is attached to the host rather than a service port.
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-05.NASL description The remote host is affected by the vulnerability described in GLSA-201206-05 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status (CVE-2012-2414). An error in chan_skinny.c could cause a heap-based buffer overflow (CVE-2012-2415). An error in chan_sip.c prevents Asterisk from checking if a channel exists before connected line updates (CVE-2012-2416). An error in chan_iax2.c may cause an invalid pointer to be called (CVE-2012-2947). chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948). Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59633 published 2012-06-21 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59633 title GLSA-201206-05 : Asterisk: Multiple vulnerabilities code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201206-05.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
# Purpose: local (credentialed) package check for GLSA-201206-05. It reports
# when net-misc/asterisk is older than 1.8.12.1.
#
# Triage note: the GLSA bundles five CVEs, and its impact text includes
# arbitrary code execution. The severity and CVSS vector registered below
# therefore describe the advisory as a whole; the text above describes
# CVE-2012-2948 itself only as a NULL pointer dereference.
#

include("compat.inc");

if (description)
{
  script_id(59633);
  script_version("1.8");
  script_cvs_date("Date: 2018/07/11 17:09:26");

  script_cve_id("CVE-2012-2414", "CVE-2012-2415", "CVE-2012-2416", "CVE-2012-2947", "CVE-2012-2948");
  script_bugtraq_id(53205, 53206, 53210, 53722, 53723);
  script_xref(name:"GLSA", value:"201206-05");

  script_name(english:"GLSA-201206-05 : Asterisk: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201206-05 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status (CVE-2012-2414). An error in chan_skinny.c could cause a heap-based buffer overflow (CVE-2012-2415). An error in chan_sip.c prevents Asterisk from checking if a channel exists before connected line updates (CVE-2012-2416). An error in chan_iax2.c may cause an invalid pointer to be called (CVE-2012-2947). chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948). Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201206-05"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.12.1'"
  );
  # Partial confidentiality, integrity and availability impact (C:P/I:P/A:P).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:asterisk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

# Preconditions: local checks enabled, host identified as Gentoo, and a
# package list present in the KB. Each missing item ends the run via audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# qpkg_check() comes from qpkg.inc (not shown); presumably it is true when
# the installed package matches a "vulnerable" range - confirm.
flag = 0;

if (qpkg_check(package:"net-misc/asterisk", unaffected:make_list("ge 1.8.12.1"), vulnerable:make_list("lt 1.8.12.1"))) flag++;

if (flag)
{
  # port:0 - the finding is attached to the host rather than a service port.
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Distinguish "package present but not affected" from "package absent".
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Asterisk");
}
References
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
- http://downloads.asterisk.org/pub/security/AST-2012-008.html
- http://secunia.com/advisories/49303
- http://www.debian.org/security/2012/dsa-2493
- http://www.securityfocus.com/bid/53723
- http://www.securitytracker.com/id?1027103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75937