GLSA-200610-15 : Asterisk: Multiple vulnerabilities

high Nessus Plugin ID 22930

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200610-15 (Asterisk: Multiple vulnerabilities).

Asterisk contains buffer overflows in channels/chan_mgcp.c from the MGCP driver and in channels/chan_skinny.c from the Skinny channel driver for Cisco SCCP phones. It also unsafely uses client-controlled variables to determine filenames in the Record() function. Finally, the SIP channel driver in channels/chan_sip.c could use more resources than necessary under unspecified circumstances.

Impact :

A remote attacker could execute arbitrary code by sending a crafted audit endpoint (AUEP) response, by sending an overly large Skinny packet even before authentication, or by making use of format string specifiers through the client-controlled variables. An attacker could also cause a Denial of Service by resource consumption through the SIP channel driver.

Workaround :

There is no known workaround for the format string vulnerability at this time. You can comment out the lines in /etc/asterisk/mgcp.conf, /etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the three vulnerable channel drivers. Please note that the MGCP channel driver is disabled by default.

Solution

All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.13'

See Also

https://security.gentoo.org/glsa/200610-15

Plugin Details

Severity: High

ID: 22930

File Name: gentoo_GLSA-200610-15.nasl

Version: 1.15

Type: local

Published: 10/31/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:asterisk, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2006

Vulnerability Publication Date: 8/23/2006

Reference Information

CVE: CVE-2006-4345, CVE-2006-4346, CVE-2006-5444, CVE-2006-5445

GLSA: 200610-15