Mandriva Linux Security Advisory : asterisk (MDVSA-2013:223)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated asterisk packages fix security vulnerabilities :

A remotely exploitable crash vulnerability exists in the SIP channel
driver if an ACK with SDP is received after the channel has been
terminated. The handling code incorrectly assumes that the channel
will always be present (CVE-2013-5641).

A remotely exploitable crash vulnerability exists in the SIP channel
driver if an invalid SDP is sent in a SIP request that defines media
descriptions before connection information. The handling code
incorrectly attempts to reference the socket address information even
though that information has not yet been set (CVE-2013-5642).

See also :

http://downloads.asterisk.org/pub/security/AST-2013-004.html
http://downloads.asterisk.org/pub/security/AST-2013-005.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 69540

Bugtraq ID: 62021, 62022

CVE ID: CVE-2013-5641, CVE-2013-5642
