
Debian Asterisk DSA-1525-1 Critical Remote Access and Auth Issue

March 20, 2008
To enhance security on your Debian system, upgrade the Asterisk packages to address vulnerabilities tied to remote access and authentication issues. Follow these steps to stay secure and current.

Summary


Tilghman Lesher discovered that database-based registrations are
insufficiently validated. This only affects setups that are
configured to run without a password and with only host-based
authentication.

CVE-2008-1332

Jason Parker discovered that insufficient validation of From:
headers inside the SIP channel driver may lead to authentication
bypass and the potential external initiation of calls.

This update also fixes a format string vulnerability, which can only
be triggered through configuration files under control of the local
administrator. In later releases of Asterisk this issue is remotely
exploitable and tracked as CVE-2008-1333.

For the stable distribution (etch), these problems have been fixed in
version 1:1.2.13~dfsg-2etch3.

The status of the old stable distribution (sarge) is currently being
investigated. If affected, an update will be released through
security.debian.org.

We recommend that you upgrade your asterisk packages.

Upgrade inst...


Severity: critical
