Vulnerabilities > CVE-2015-3008 - Cryptographic Issues vulnerability in Digium Asterisk and Certified Asterisk

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

digium

CWE-310

nessus

NVD

Published: 2015-04-10

Updated: 2018-10-09

Summary

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Vulnerable Configurations

Part	Description	Count
Application	Digium Digium Asterisk 1.8.0 Digium Asterisk 1.8.1 Digium Asterisk 1.8.1.1 Digium Asterisk 1.8.1.2 Digium Asterisk 1.8.2 Digium Asterisk 1.8.2.1 Digium Asterisk 1.8.2.2 Digium Asterisk 1.8.2.3 Digium Asterisk 1.8.2.4 Digium Asterisk 1.8.3 Digium Asterisk 1.8.3.1 Digium Asterisk 1.8.3.2 Digium Asterisk 1.8.3.3 Digium Asterisk 1.8.10.0 Digium Asterisk 1.8.10.1 Digium Asterisk 1.8.11.0 Digium Asterisk 1.8.11.1 Digium Asterisk 1.8.12 Digium Asterisk 1.8.12.0 Digium Asterisk 1.8.12.1 Digium Asterisk 1.8.12.2 Digium Asterisk 1.8.13.0 Digium Asterisk 1.8.13.1 Digium Asterisk 1.8.14.0 Digium Asterisk 1.8.14.1 Digium Asterisk 1.8.15.0 Digium Asterisk 1.8.15.1 Digium Asterisk 1.8.16.0 Digium Asterisk 1.8.17.0 Digium Asterisk 1.8.18.0 Digium Asterisk 1.8.18.1 Digium Asterisk 1.8.19.0 Digium Asterisk 1.8.19.1 Digium Asterisk 1.8.20.0 Digium Asterisk 1.8.20.1 Digium Asterisk 1.8.20.2 Digium Asterisk 1.8.21.0 Digium Asterisk 1.8.22.0 Digium Asterisk 1.8.23.0 Digium Asterisk 1.8.23.1 Digium Asterisk 1.8.24.0 Digium Asterisk 1.8.24.1 Digium Asterisk 1.8.25.0 Digium Asterisk 1.8.26.0 Digium Asterisk 1.8.26.1 Digium Asterisk 1.8.27.0 Digium Asterisk 1.8.28.0 Digium Asterisk 1.8.28.1 Digium Asterisk 1.8.28.2 Digium Asterisk 1.8.32.0 Digium Asterisk 11.0.0 Digium Asterisk 11.0.1 Digium Asterisk 11.0.2 Digium Asterisk 11.1.0 Digium Asterisk 11.1.1 Digium Asterisk 11.1.2 Digium Asterisk 11.2.0 Digium Asterisk 11.3.0 Digium Asterisk 11.4.0 Digium Asterisk 11.5.0 Digium Asterisk 11.5.1 Digium Asterisk 11.6.0 Digium Asterisk 11.7.0 Digium Asterisk 11.8.0 Digium Asterisk 11.8.1 Digium Asterisk 11.9.0 Digium Asterisk 11.10.0 Digium Asterisk 11.10.1 Digium Asterisk 11.11.0 Digium Asterisk 11.12.0 Digium Asterisk 11.13.0 Digium Asterisk 11.14.0 Digium Asterisk 11.15.0 Digium Asterisk 11.16.0 Digium Asterisk 11.17.0 Digium Asterisk 12.0.0 Digium Asterisk 12.1.0 Digium Asterisk 12.1.1 Digium Asterisk 12.2.0 Digium Asterisk 12.3.0 Digium Asterisk 12.3.1 Digium Asterisk 12.3.2 Digium Asterisk 12.4.0 Digium Asterisk 12.5.0 Digium Asterisk 12.6.0 Digium Asterisk 12.7.0 Digium Asterisk 12.7.1 Digium Asterisk 12.8.0 Digium Asterisk 12.8.1 Digium Asterisk 13.0.0 Digium Asterisk 13.0.1 Digium Asterisk 13.1.0 Digium Asterisk 13.2.0 Digium Asterisk 13.3.0 Digium Asterisk 13.3.1 Digium Certified Asterisk 1.8.0.0 Digium Certified Asterisk 1.8.1.0 Digium Certified Asterisk 1.8.2.0 Digium Certified Asterisk 1.8.3.0 Digium Certified Asterisk 1.8.4.0 Digium Certified Asterisk 1.8.5.0 Digium Certified Asterisk 1.8.6.0 Digium Certified Asterisk 1.8.7.0 Digium Certified Asterisk 1.8.8.0 Digium Certified Asterisk 1.8.9.0 Digium Certified Asterisk 1.8.10.0 Digium Certified Asterisk 1.8.11 Digium Certified Asterisk 1.8.11.0 Digium Certified Asterisk 1.8.12.0 Digium Certified Asterisk 1.8.13.0 Digium Certified Asterisk 1.8.14.0 Digium Certified Asterisk 1.8.15 Digium Certified Asterisk 1.8.28 Digium Certified Asterisk 1.8.28.0 Digium Certified Asterisk 11.6 Digium Certified Asterisk 11.6.0 Digium Certified Asterisk 13.1	322

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2015-5948.NASL
description	The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability : - AST-2015-003: TLS Certificate Common name NULL byte exploit When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. This potentially allows for a man in the middle attack. For more information about the details of this vulnerability, please read security advisory AST-2015-003, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs : http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.28-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.32.3 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert11 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.17.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.8.2 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-13.1-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-13.3.2 The security advisory is available at : - http://downloads.asterisk.org/pub/security/AST-2015-003. pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2015-07-22
plugin id	84910
published	2015-07-22
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84910
title	Fedora 22 : asterisk-13.3.2-1.fc22 (2015-5948)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-5948. # include("compat.inc"); if (description) { script_id(84910); script_version("2.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-3008"); script_xref(name:"FEDORA", value:"2015-5948"); script_name(english:"Fedora 22 : asterisk-13.3.2-1.fc22 (2015-5948)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability : - AST-2015-003: TLS Certificate Common name NULL byte exploit When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. This potentially allows for a man in the middle attack. For more information about the details of this vulnerability, please read security advisory AST-2015-003, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs : http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.28-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.32.3 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert11 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.17.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.8.2 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-13.1-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-13.3.2 The security advisory is available at : - http://downloads.asterisk.org/pub/security/AST-2015-003. pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2015-003.pdf" ); # http://downloads.asterisk.org/pub/telephony/asterisk/releases script_set_attribute( attribute:"see_also", value:"http://downloads.asterisk.org/pub/telephony/asterisk/releases/" ); # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?85da8028" ); # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9f7655dc" ); # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.8.2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9e407efd" ); # http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.3.2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aaf19503" ); # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert5 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9f561735" ); # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert11 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?de0a6932" ); # http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.1-cert2 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3362af83" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1210225" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162260.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ab88120f" ); script_set_attribute( attribute:"solution", value:"Update the affected asterisk package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"asterisk-13.3.2-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk"); }

NASL family	Misc.
NASL id	ASTERISK_AST_2015_003.NASL
description	According to its SIP banner, the version of Asterisk running on the remote host is potentially affected by flaw related to certificate validation when registering a SIP TLS device due to not properly verifying a server hostname against an X.509 Common Name (CN) field that has a NULL byte appended after the expected results. A man-in-the-middle attacker can exploit this, via a crafted certificate, to spoof arbitrary SSL servers and intercept network traffic. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	82901
published	2015-04-20
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82901
title	Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(82901); script_version("1.9"); script_cvs_date("Date: 2018/06/27 18:42:26"); script_cve_id("CVE-2015-3008"); script_bugtraq_id(74022); script_name(english:"Asterisk TLS Certificate Common Name NULL Byte Vulnerability (AST-2015-003)"); script_summary(english:"Checks the version in the SIP banner."); script_set_attribute(attribute:"synopsis", value: "A telephony application running on the remote host is affected by a certificate validation vulnerability."); script_set_attribute(attribute:"description", value: "According to its SIP banner, the version of Asterisk running on the remote host is potentially affected by flaw related to certificate validation when registering a SIP TLS device due to not properly verifying a server hostname against an X.509 Common Name (CN) field that has a NULL byte appended after the expected results. A man-in-the-middle attacker can exploit this, via a crafted certificate, to spoof arbitrary SSL servers and intercept network traffic. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"solution", value: "Upgrade to Asterisk 1.8.32.3 / 11.17.1 / 12.8.2 / 13.3.2 / 1.8.28-cert5 / 11.6-cert11 / 13.1-cert2, or apply the appropriate patch listed in the Asterisk advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2015-003.html"); script_set_attribute(attribute:"see_also", value:"https://issues.asterisk.org/jira/browse/ASTERISK-24847"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/08"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/20"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:digium:asterisk"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies("asterisk_detection.nasl"); script_require_keys("asterisk/sip_detected", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); get_kb_item_or_exit("asterisk/sip_detected"); asterisk_kbs = get_kb_list_or_exit("sip/asterisk/*/version"); if (report_paranoia < 2) audit(AUDIT_PARANOID); is_vuln = FALSE; not_vuln_installs = make_list(); errors = make_list(); foreach kb_name (keys(asterisk_kbs)) { vulnerable = 0; matches = eregmatch(pattern:"/(udp\|tcp)/([0-9]+)/version", string:kb_name); if (isnull(matches)) { errors = make_list(errors, "Unexpected error parsing port number from '"+kb_name+"'."); continue; } proto = matches[1]; port = matches[2]; version = asterisk_kbs[kb_name]; if (version == 'unknown') { errors = make_list(errors, "Unable to obtain version of install on " + proto + "/" + port + "."); continue; } banner = get_kb_item("sip/asterisk/" + proto + "/" + port + "/source"); if (!banner) { # We have version but banner is missing; # log error and use in version-check though. errors = make_list(errors, "KB item 'sip/asterisk/" + proto + "/" + port + "/source' is missing."); banner = 'unknown'; } # Open Source 1.8.x < 1.8.32.3 if (version =~ "^1\.8([^0-9]\|$)" && "cert" >!< tolower(version)) { fixed = "1.8.32.3"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } # Open Source 11.x < 11.17.1 if (version =~ "^11([^0-9]\|$)" && "cert" >!< tolower(version)) { fixed = "11.17.1"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } # Open Source 12.x < 12.8.2 else if (version =~ "^12([^0-9]\|$)" && "cert" >!< tolower(version)) { fixed = "12.8.2"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } # Open Source 13.x < 13.3.2 else if (version =~ "^13([^0-9]\|$)" && "cert" >!< tolower(version)) { fixed = "13.3.2"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } # Asterisk Certified 1.8.28-certx < 1.8.28-cert5 else if (version =~ "^1\.8\.28([^0-9])" && "cert" >< tolower(version)) { fixed = "1.8.28-cert5"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } # Asterisk Certified 11.6-certx < 11.6-cert11 else if (version =~ "^11\.6([^0-9])" && "cert" >< tolower(version)) { fixed = "11.6-cert11"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } # Asterisk Certified 13.1-certx < 13.1-cert2 else if (version =~ "^13\.1([^0-9])" && "cert" >< tolower(version)) { fixed = "13.1-cert2"; vulnerable = ver_compare(ver:version, fix:fixed, app:"asterisk"); } if (vulnerable < 0) { is_vuln = TRUE; if (report_verbosity > 0) { report = '\n Version source : ' + banner + '\n Installed version : ' + version + '\n Fixed version : ' + fixed + '\n'; security_warning(port:port, proto:proto, extra:report); } else security_warning(port:port, proto:proto); } else not_vuln_installs = make_list(not_vuln_installs, version + " on port " + proto + "/" + port); } if (max_index(errors)) { if (max_index(errors) == 1) errmsg = errors[0]; else errmsg = 'Errors were encountered verifying installs : \n ' + join(errors, sep:'\n '); exit(1, errmsg); } else { installs = max_index(not_vuln_installs); if (installs == 0) { if (is_vuln) exit(0); else audit(AUDIT_NOT_INST, "Asterisk"); } else audit(AUDIT_INST_VER_NOT_VULN, "Asterisk", not_vuln_installs); }

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-455.NASL
description	CVE-2014-6610 Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. CVE-2014-4046 Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. CVE-2014-2286 main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. CVE-2014-8412 The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. CVE-2014-8418 The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. CVE-2015-3008 Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject
last seen	2020-03-17
modified	2016-05-04
plugin id	90873
published	2016-05-04
reporter	This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/90873
title	Debian DLA-455-1 : asterisk security update
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-455-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(90873); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-2286", "CVE-2014-4046", "CVE-2014-6610", "CVE-2014-8412", "CVE-2014-8418", "CVE-2015-3008"); script_bugtraq_id(66093, 68040, 69962, 71218, 71227, 74022); script_name(english:"Debian DLA-455-1 : asterisk security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2014-6610 Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. CVE-2014-4046 Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. CVE-2014-2286 main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. CVE-2014-8412 The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry. CVE-2014-8418 The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. CVE-2015-3008 Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/05/msg00005.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/asterisk" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-config"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-dahdi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-mobile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-modules"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-mp3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-ooh323"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-voicemail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-voicemail-imapstorage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk-voicemail-odbcstorage"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"asterisk", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-config", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-dahdi", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-dbg", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-dev", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-doc", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-mobile", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-modules", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-mp3", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-mysql", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-ooh323", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-voicemail", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-voicemail-imapstorage", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"asterisk-voicemail-odbcstorage", reference:"1:1.8.13.1~dfsg1-3+deb7u4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-3700.NASL
description	Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation.
last seen	2020-06-01
modified	2020-06-02
plugin id	94259
published	2016-10-26
reporter	This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94259
title	Debian DSA-3700-1 : asterisk - security update
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3700. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(94259); script_version("1.7"); script_cvs_date("Date: 2018/11/10 11:49:38"); script_cve_id("CVE-2015-3008", "CVE-2016-2232", "CVE-2016-2316", "CVE-2016-7551"); script_xref(name:"DSA", value:"3700"); script_name(english:"Debian DSA-3700-1 : asterisk - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or incorrect certificate validation." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/asterisk" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2016/dsa-3700" ); script_set_attribute( attribute:"solution", value: "Upgrade the asterisk packages. For the stable distribution (jessie), these problems have been fixed in version 1:11.13.1~dfsg-2+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:asterisk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"asterisk", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-config", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-dahdi", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-dbg", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-dev", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-doc", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-mobile", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-modules", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-mp3", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-mysql", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-ooh323", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-voicemail", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-voicemail-imapstorage", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-voicemail-odbcstorage", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"asterisk-vpb", reference:"1:11.13.1~dfsg-2+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_5FEE3F02DE3711E4B7C3001999F8D30B.NASL
description	The Asterisk project reports : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to www.domain.com, Asterisk will accept certificates of the form www.domain.com\x00www.someotherdomain.com
last seen	2020-06-01
modified	2020-06-02
plugin id	82650
published	2015-04-09
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/82650
title	FreeBSD : asterisk -- TLS Certificate Common name NULL byte exploit (5fee3f02-de37-11e4-b7c3-001999f8d30b)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(82650); script_version("1.6"); script_cvs_date("Date: 2018/11/10 11:49:44"); script_cve_id("CVE-2015-3008"); script_name(english:"FreeBSD : asterisk -- TLS Certificate Common name NULL byte exploit (5fee3f02-de37-11e4-b7c3-001999f8d30b)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "The Asterisk project reports : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to www.domain.com, Asterisk will accept certificates of the form www.domain.com\x00www.someotherdomain.com" ); script_set_attribute( attribute:"see_also", value:"http://downloads.asterisk.org/pub/security/AST-2015-003.html" ); # https://vuxml.freebsd.org/freebsd/5fee3f02-de37-11e4-b7c3-001999f8d30b.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ab73694f" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:asterisk13"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/04"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"asterisk<1.8.32.3")) flag++; if (pkg_test(save_report:TRUE, pkg:"asterisk11<11.17.1")) flag++; if (pkg_test(save_report:TRUE, pkg:"asterisk13<13.3.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2015-206.NASL
description	Updated asterisk packages fix security vulnerability : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected (CVE-2015-3008).
last seen	2020-06-01
modified	2020-06-02
plugin id	83098
published	2015-04-28
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/83098
title	Mandriva Linux Security Advisory : asterisk (MDVSA-2015:206)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:206. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(83098); script_version("2.7"); script_cvs_date("Date: 2019/08/02 13:32:57"); script_cve_id("CVE-2015-3008"); script_bugtraq_id(74022); script_xref(name:"MDVSA", value:"2015:206"); script_name(english:"Mandriva Linux Security Advisory : asterisk (MDVSA-2015:206)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated asterisk packages fix security vulnerability : When Asterisk registers to a SIP TLS device and and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected (CVE-2015-3008)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0153.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-addons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-calendar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-cel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-corosync"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-dahdi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-fax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-festival"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-ices"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-jabber"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-jack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-lua"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-minivm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-mobile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-mp3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-mysql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-ooh323"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-osp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-oss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-pgsql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-pktccops"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-portaudio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-radius"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-saycountpl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-skinny"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-snmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-speex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-sqlite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-tds"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-unistim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:asterisk-plugins-voicemail-plain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64asteriskssl1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-addons-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-devel-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-firmware-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-gui-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-alsa-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-calendar-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-cel-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-corosync-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-curl-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-dahdi-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-fax-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-festival-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-ices-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-jabber-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-jack-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-ldap-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-lua-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-minivm-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-mobile-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-mp3-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-mysql-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-ooh323-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-osp-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-oss-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-pgsql-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-pktccops-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-portaudio-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-radius-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-saycountpl-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-skinny-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-snmp-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-speex-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-sqlite-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-tds-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-unistim-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-voicemail-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-voicemail-imap-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"asterisk-plugins-voicemail-plain-11.17.1-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64asteriskssl1-11.17.1-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References