Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2006:069: asterisk


Vulnerability Assessment Details

SUSE-SA:2006:069: asterisk

Vulnerability Assessment Summary
Check for the version of the asterisk package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2006:069 (asterisk).


Two security problem have been found and fixed in the PBX software
Asterisk.

CVE-2006-5444: Integer overflow in the get_input function in the
Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones,
permits remote attackers to potentially execute arbitrary code via a
certain dlen value that passes a signed integer comparison and leads
to a heap-based buffer overflow.

CVE-2006-5445: A vulnerability in the SIP channel driver
(channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 permits remote
attackers to cause a denial of service (resource consumption)
via unspecified vectors that result in the creation of 'a real pvt
structure' that uses more resources than necessary.


Solution : http://www.suse.de/security/http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Cables, Connectors

HP 737773-001 SL2500 Gen8 24-Bay T2500 CTO Chassis
$695.0
HP 737773-001 SL2500 Gen8 24-Bay T2500 CTO Chassis pictureAmulet Hotkey DXM610 Barebones Blade Server Version 2
$49.99
Amulet Hotkey DXM610 Barebones Blade Server Version 2 picture727021-B21 HP ProLiant BL460c Gen9 E5-v3 10Gb FlexibleLOM CTO Blade Server
$694.99
727021-B21 HP ProLiant BL460c Gen9 E5-v3 10Gb FlexibleLOM CTO Blade Server pictureIBM HS22 BLADECENTER SERVER TWO E5520 2.26GHZ 96GB 1TB SATA
$1059.0
IBM HS22 BLADECENTER SERVER TWO E5520 2.26GHZ 96GB 1TB SATA picture


Discussions

No Discussions have been posted on this vulnerability.