Fedora 15 : asterisk-1.8.10.1-1.fc15 (2012-4259)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Update to 1.8.10.1, which fixes 2 security vulnerabilities. The
Asterisk Development Team has announced security releases for Asterisk
1.4, 1.6.2 and 1.8. The available security releases are released as
versions 1.4.43, 1.6.2.21 and 1.8.7.2.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2
resolves an issue with possible remote enumeration of SIP endpoints
with differing NAT settings.

The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a
remote crash possibility with SIP when the 'automon' feature is
enabled.

The issues and resolutions are described in the AST-2011-013 and
AST-2011-014 security advisories.

For more information about the details of these vulnerabilities,
please read the security advisories AST-2011-013 and AST-2011-014,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the
ChangeLogs :

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.43
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.21
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.2

Security advisory AST-2011-013 is available at :

- http://downloads.asterisk.org/pub/security/AST-2011-013.pdf

Security advisory AST-2011-014 is available at :

- http://downloads.asterisk.org/pub/security/AST-2011-014.pdf

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
http://downloads.asterisk.org/pub/telephony/asterisk/releases
http://www.nessus.org/u?5d3e0301
http://www.nessus.org/u?de7eb2c6
http://www.nessus.org/u?6c680dc0
https://bugzilla.redhat.com/show_bug.cgi?id=765773
https://bugzilla.redhat.com/show_bug.cgi?id=765776
https://bugzilla.redhat.com/show_bug.cgi?id=804038
https://bugzilla.redhat.com/show_bug.cgi?id=804042
http://www.nessus.org/u?a5fa7bf9

Solution :

Update the affected asterisk package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 58549

Bugtraq ID: 50989
50990
52523
52815

CVE ID: CVE-2011-4597
CVE-2011-4598
CVE-2012-1183
CVE-2012-1184
