Vulnerabilities > CVE-2012-2948 - Resource Management Errors vulnerability in Asterisk Certified Asterisk and Open Source

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
asterisk
CWE-399
nessus

Summary

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMisc.
    NASL idASTERISK_AST_2012_008.NASL
    descriptionAccording to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. This issue could be exploited when the attacker has a valid SCCP (Skinny) ID and closes a connection when in certain call states. A NULL pointer is left behind and can cause the server to crash when the pointer is later dereferenced.
    last seen2020-06-01
    modified2020-06-02
    plugin id59504
    published2012-06-14
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59504
    titleAsterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59504);
      script_version("1.12");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id("CVE-2012-2948");
      script_bugtraq_id(53723);
    
      script_name(english:"Asterisk Remote Crash Vulnerability in Skinny Channel Driver (AST-2012-008)");
      script_summary(english:"Checks version in SIP banner");
    
      script_set_attribute(attribute:"synopsis", value:
    "A telephony application running on the remote host is affected by a
    denial of service vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to the version in its SIP banner, the version of Asterisk
    running on the remote host is potentially affected by a vulnerability
    that could allow a remote attacker to crash the server.  This issue
    could be exploited when the attacker has a valid SCCP (Skinny) ID and
    closes a connection when in certain call states.  A NULL pointer is
    left behind and can cause the server to crash when the pointer is
    later dereferenced.");
      script_set_attribute(attribute:"see_also", value:"https://issues.asterisk.org/jira/browse/ASTERISK-19905");
      script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2012-008.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Asterisk 1.8.12.1 / 10.4.1 / 1.8.11-cert-2 or apply the
    patches listed in the Asterisk advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2948");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/14");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:digium:asterisk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("asterisk_detection.nasl");
      script_require_keys("asterisk/sip_detected", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    get_kb_item_or_exit("asterisk/sip_detected");
    
    # see if we were able to get version info from the Asterisk SIP services
    asterisk_kbs = get_kb_list("sip/asterisk/*/version");
    if (isnull(asterisk_kbs)) exit(1, "Could not obtain any version information from the Asterisk SIP instance(s).");
    
    # Prevent potential false positives.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    is_vuln = FALSE;
    not_vuln_installs = make_list();
    errors = make_list();
    
    foreach kb_name (keys(asterisk_kbs))
    {
      vulnerable = 0;
    
      matches = eregmatch(pattern:"/(udp|tcp)/([0-9]+)/version", string:kb_name);
      if (isnull(matches))
      {
        errors = make_list(errors, "Unexpected error parsing port number from kb name: "+kb_name);
        continue;
      }
    
      proto = matches[1];
      port  = matches[2];
      version = asterisk_kbs[kb_name];
    
      if (version == 'unknown')
      {
        errors = make_list(errors, "Unable to obtain version of install on " + proto + "/" + port);
        continue;
      }
    
      banner = get_kb_item("sip/asterisk/" + proto + "/" + port + "/source");
      if (!banner)
      {
        # We have version but banner is missing; log error
        # and use in version-check though.
        errors = make_list(errors, "KB item 'sip/asterisk/" + proto + "/" + port + "/source' is missing");
        banner = 'unknown';
      }
    
      if (version =~ "^1\.8([^0-9]|$)" && "cert" >!< tolower(version))
      {
        fixed = "1.8.12.1";
        vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk");
      }
      else if (version =~ "^1\.8\.11-cert1([^0-9]|$)")
      {
        fixed = "1.8.11-cert2";
        vulnerable = -1;
      }
      else if (version =~ "^10([^0-9]|$)")
      {
        fixed = "10.4.1";
        vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk");
      }
    
      if (vulnerable < 0)
      {
        is_vuln = TRUE;
        if (report_verbosity > 0)
        {
          report =
            '\n  Version source    : ' + banner +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fixed + '\n';
          security_warning(port:port, proto:proto, extra:report);
        }
        else security_warning(port:port, proto:proto);
      }
      else not_vuln_installs = make_list(not_vuln_installs, version + " on port " + proto + "/" + port);
    }
    
    if (max_index(errors))
    {
      if (max_index(errors) == 1) errmsg = errors[0];
      else errmsg = 'Errors were encountered verifying installs : \n  ' + join(errors, sep:'\n  ');
    
      exit(1, errmsg);
    }
    else
    {
      installs = max_index(not_vuln_installs);
      if (installs == 0)
      {
        if (is_vuln)
          exit(0);
        else
          audit(AUDIT_NOT_INST, "Asterisk");
      }
      else if (installs == 1) audit(AUDIT_INST_VER_NOT_VULN, "Asterisk " + not_vuln_installs[0]);
      else exit(0, "The Asterisk installs (" + join(not_vuln_installs, sep:", ") + ") are not affected.");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_359F615DA9E111E18A6614DAE9EBCF89.NASL
    descriptionAsterisk project reports : Remote crash vulnerability in IAX2 channel driver. Skinny Channel Driver Remote Crash Vulnerability
    last seen2020-06-01
    modified2020-06-02
    plugin id59302
    published2012-05-30
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59302
    titleFreeBSD : asterisk -- multiple vulnerabilities (359f615d-a9e1-11e1-8a66-14dae9ebcf89)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59302);
      script_version("1.8");
      script_cvs_date("Date: 2018/12/19 13:21:18");
    
      script_cve_id("CVE-2012-2947", "CVE-2012-2948");
    
      script_name(english:"FreeBSD : asterisk -- multiple vulnerabilities (359f615d-a9e1-11e1-8a66-14dae9ebcf89)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Asterisk project reports :
    
    Remote crash vulnerability in IAX2 channel driver.
    
    Skinny Channel Driver Remote Crash Vulnerability"
      );
      # http://downloads.digium.com/pub/security/AST-2012-007.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://downloads.digium.com/pub/security/AST-2012-007.html"
      );
      # http://downloads.digium.com/pub/security/AST-2012-008.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://downloads.digium.com/pub/security/AST-2012-008.html"
      );
      # https://www.asterisk.org/security
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.asterisk.org/downloads/security-advisories"
      );
      # https://vuxml.freebsd.org/freebsd/359f615d-a9e1-11e1-8a66-14dae9ebcf89.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?57bdeb4f"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk16");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk18");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"asterisk16>1.6.*<=1.6.2.24")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"asterisk18>1.8.*<1.8.12.1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"asterisk10>10.*<10.4.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2493.NASL
    descriptionSeveral vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. - CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled). - CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names. (CVE-2011-2666 ) System administrators concerned by this user enumerating vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility.
    last seen2020-03-17
    modified2012-06-29
    plugin id59771
    published2012-06-29
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59771
    titleDebian DSA-2493-1 : asterisk - denial of service
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2493. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59771);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-2947", "CVE-2012-2948");
      script_bugtraq_id(53722, 53723);
      script_xref(name:"DSA", value:"2493");
    
      script_name(english:"Debian DSA-2493-1 : asterisk - denial of service");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in Asterisk, a PBX and
    telephony toolkit.
    
      - CVE-2012-2947
        The IAX2 channel driver allows remote attackers to cause
        a denial of service (daemon crash) by placing a call on
        hold (when a certain mohinterpret setting is enabled).
    
      - CVE-2012-2948
        The Skinny channel driver allows remote authenticated
        users to cause a denial of service (NULL pointer
        dereference and daemon crash) by closing a connection in
        off-hook mode.
    
    In addition, it was discovered that Asterisk does not set the
    alwaysauthreject option by default in the SIP channel driver. This
    allows remote attackers to observe a difference in response behavior
    and check for the presence of account names. (CVE-2011-2666 ) System
    administrators concerned by this user enumerating vulnerability should
    enable the alwaysauthreject option in the configuration. We do not
    plan to change the default setting in the stable version (Asterisk
    1.6) in order to preserve backwards compatibility."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2947"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-2948"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2011-2666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/asterisk"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2493"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the asterisk packages.
    
    For the stable distribution (squeeze), this problem has been fixed in
    version 1:1.6.2.9-2+squeeze6."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"asterisk", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    if (deb_check(release:"6.0", prefix:"asterisk-config", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    if (deb_check(release:"6.0", prefix:"asterisk-dbg", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    if (deb_check(release:"6.0", prefix:"asterisk-dev", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    if (deb_check(release:"6.0", prefix:"asterisk-doc", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    if (deb_check(release:"6.0", prefix:"asterisk-h323", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    if (deb_check(release:"6.0", prefix:"asterisk-sounds-main", reference:"1:1.6.2.9-2+squeeze6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-05 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status (CVE-2012-2414). An error in chan_skinny.c could cause a heap-based buffer overflow (CVE-2012-2415). An error in chan_sip.c prevents Asterisk from checking if a channel exists before connected line updates (CVE-2012-2416). An error in chan_iax2.c may cause an invalid pointer to be called (CVE-2012-2947). chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948). Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59633
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59633
    titleGLSA-201206-05 : Asterisk: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201206-05.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59633);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/11 17:09:26");
    
      script_cve_id("CVE-2012-2414", "CVE-2012-2415", "CVE-2012-2416", "CVE-2012-2947", "CVE-2012-2948");
      script_bugtraq_id(53205, 53206, 53210, 53722, 53723);
      script_xref(name:"GLSA", value:"201206-05");
    
      script_name(english:"GLSA-201206-05 : Asterisk: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201206-05
    (Asterisk: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been found in Asterisk:
          An error in manager.c allows shell access through the MixMonitor
            application, GetVar, or Status (CVE-2012-2414).
          An error in chan_skinny.c could cause a heap-based buffer overflow
            (CVE-2012-2415).
          An error in chan_sip.c prevents Asterisk from checking if a channel
            exists before connected line updates (CVE-2012-2416).
          An error in chan_iax2.c may cause an invalid pointer to be called
            (CVE-2012-2947).
          chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).
      
    Impact :
    
        A remote attacker could execute arbitrary code with the privileges of
          the process or cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201206-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Asterisk users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.8.12.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:asterisk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-misc/asterisk", unaffected:make_list("ge 1.8.12.1"), vulnerable:make_list("lt 1.8.12.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Asterisk");
    }