Summary
Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 1:1.6.2.9-2+squeeze10.
For the testing distribution (wheezy) and unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your asterisk packages.
Insight
Asterisk is an Open Source PBX and telephony toolkit. It is, in a sense, middleware between Internet and telephony channels on the bottom, and Internet and telephony applications at the top.
Affected
asterisk on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-5976, CVE-2012-5977 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities