FreeBSD : asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm (c599f95c-8ee5-11e7-8be8-001999f8d30b)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Asterisk project reports :

AST-2017-005 - A change was made to the strict RTP support in the RTP
stack to better tolerate late media when a reinvite occurs. When
combined with the symmetric RTP support this introduced an avenue
where media could be hijacked. Instead of only learning a new address
when expected the new code allowed a new source address to be learned
at all times.

AST-2017-006 - The app_minivm module has an 'externnotify' program
configuration option that is executed by the MinivmNotify dialplan
application. The application uses the caller-id name and number as
part of a built string passed to the OS shell for interpretation and
execution. Since the caller-id name and number can come from an
untrusted source, a crafted caller-id name or number allows an
arbitrary shell command injection.

See also :

https://downloads.asterisk.org/pub/security/AST-2017-005.html
https://downloads.asterisk.org/pub/security/AST-2017-006.html
http://www.nessus.org/u?1f827ba0

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 102940 ()

Bugtraq ID:

CVE ID: CVE-2017-14099
CVE-2017-14100

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now