📄 deb_1525_1.nasl
字号:
# OpenVAS Vulnerability Test# $Id$# Description: Auto-generated from advisory DSA 1525-1 (asterisk)## Authors:# Thomas Reinke <reinke@securityspace.com>## Copyright:# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com# Text descriptions are largely excerpted from the referenced# advisory, and are Copyright (c) the respective author(s)## This program is free software; you can redistribute it and/or modify# it under the terms of the GNU General Public License version 2,# as published by the Free Software Foundation## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program; if not, write to the Free Software# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.#if(description){ script_id(60616); script_cve_id("CVE-2007-6430", "CVE-2008-1332", "CVE-2008-1333"); script_version ("$"); name["english"] = "Debian Security Advisory DSA 1525-1 (asterisk)"; script_name(english:name["english"]); desc["english"] = "The remote host is missing an update to asteriskannounced via advisory DSA 1525-1.Several remote vulnerabilities have been discovered in Asterisk, a freesoftware PBX and telephony toolkit. The Common Vulnerabilities andExposures project identifies the following problems:CVE-2007-6430Tilghman Lesher discovered that database-based registrations areinsufficiently validated. This only affects setups, which areconfigured to run without a password and only host-basedauthentication.CVE-2008-1332Jason Parker discovered that insufficient validation of From:headers inside the SIP channel driver may lead to authenticationbypass and the potential external initiation of calls.This update also fixes a format string vulnerability, which can onlybe triggered through configuration files under control of the localadministrator. In later releases of Asterisk this issue is remotelyexploitable and tracked as CVE-2008-1333.For the stable distribution (etch), these problems have been fixed inversion 1:1.2.13~dfsg-2etch3.The status of the old stable distribution (sarge) is currently beinginvestigated. If affected, an update will be released throughsecurity.debian.org.We recommend that you upgrade your asterisk packages.Solution:https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201525-1Risk factor : High"; script_description(english:desc["english"]); summary["english"] = "Debian Security Advisory DSA 1525-1 (asterisk)"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); family["english"] = "Debian Local Security Checks"; script_family(english:family["english"]); script_dependencies("gather-package-list.nasl"); script_require_keys("ssh/login/packages"); exit(0);}## The script code starts here#include("revisions-lib.inc");include("pkg-lib-deb.inc");vuln = 0;if(isdpkgvuln(pkg:"asterisk-doc", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-sounds-main", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-config", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-web-vmail", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-dev", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-bristuff", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-h323", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(isdpkgvuln(pkg:"asterisk-classic", ver:"1.2.13~dfsg-2etch3", rls:"DEB4.0")) { vuln = 1;}if(vuln) { security_hole(0);}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -