Family: Debian Local Security Checks --> Category: infos
[DSA1048] DSA-1048-1 asterisk Vulnerability Scan
Vulnerability Scan Summary DSA-1048-1 asterisk
Detailed Explanation for this Vulnerability Test
Several problems have been discovered in Asterisk, an Open Source
Private Branch Exchange (telephone control center). The Common
Vulnerabilities and Exposures project identifies the following
problems:
- Adam Pointon discovered that due to missing input sanitising it is
  possible to retrieve recorded phone messages for a different
  extension.
- Emmanouel Kellinis discovered an integer signedness error that
  could trigger a buffer overflow and hence allow the execution of
  arbitrary code.
For the old stable distribution (woody) this problem has been fixed in
version 0.1.11-3woody1.
For the stable distribution (sarge) this problem has been fixed in
version 1.0.7.dfsg.1-2sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 1.2.7.1.dfsg-1.
We recommend that you upgrade your asterisk package.
Solution : http://www.debian.org/security/2006/dsa-1048
Threat Level: High