Linux Security
Linux Security
Linux Security

Debian: New asterisk packages fix several vulnerabilities

Date 20 Mar 2008
Posted By LinuxSecurity Advisories
Tilghman Lesher discovered that database-based registrations are insufficiently validated. This only affects setups, which are configured to run without a password and only host-based authentication.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1525-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
March 20, 2008              
- ------------------------------------------------------------------------

Package        : asterisk
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6430 CVE-2008-1332 CVE-2008-1333

Several remote vulnerabilities have been discovered in Asterisk, a free
software PBX and telephony toolkit. The Common Vulnerabilities and
Exposures project identifies the following problems:


    Tilghman Lesher discovered that database-based registrations are
    insufficiently validated. This only affects setups, which are
    configured to run without a password and only host-based


    Jason Parker discovered that insufficient validation of From:
    headers inside the SIP channel driver may lead to authentication
    bypass and the potential external initiation of calls.

This update also fixes a format string vulnerability, which can only
be triggered through configuration files under control of the local
administrator. In later releases of Asterisk this issue is remotely
exploitable and tracked as CVE-2008-1333.

For the stable distribution (etch), these problems have been fixed in
version 1:1.2.13~dfsg-2etch3.

The status of the old stable distribution (sarge) is currently being
investigated. If affected, an update will be released through

We recommend that you upgrade your asterisk packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   181527 6a98d3db7fd54a5dd082c692f3e50042
    Size/MD5 checksum:  3835589 f8ee088b2e4feffe2b35d78079f90b69
    Size/MD5 checksum:     1488 181da0b7d5a604cd79be518e662b049b

Architecture independent packages:
    Size/MD5 checksum:  1500218 de67182dd31aef4878322327034ae0ae
    Size/MD5 checksum:  1504782 6096881223aafe96ce1285b9be1a97ad
    Size/MD5 checksum:   131832 99911d22fb5fbf7f0520d28f0cd21af7
    Size/MD5 checksum:    73928 0eaff6b096a03f0830a965ed21671557
    Size/MD5 checksum:   170126 26798a8026d05a9843a63fa3ac28488e
    Size/MD5 checksum:   146658 8fd6ec949bdd4fc072b4244f6c97642a

alpha architecture (DEC Alpha)
    Size/MD5 checksum:  1934760 0999adcecf044475a12d9300c8dc2c48
    Size/MD5 checksum:   137160 f1a2f55ed07f19114ea44639aa2be4a9
    Size/MD5 checksum:  1898628 637feeb1ac1b25f28330b808bd0597a1

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:  1780328 b2c4b1c62ebc4dc13a1ea53a5c842e96
    Size/MD5 checksum:   133354 1f58ef3241222af34a9ca717eff2c052
    Size/MD5 checksum:  1745634 bd5f2ee7c79247ee6f5944076b9f3442

arm architecture (ARM)
    Size/MD5 checksum:  1701818 9153b33c47b4eead77107cfdeb0055ae
    Size/MD5 checksum:  1668398 a8d2cb491be92fbdb93ebda9e2f42c97
    Size/MD5 checksum:   136514 3e64fa9e5d988a10244b9122b20c9454

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   145336 7ab22793ce0794bd2058bed710055bed
    Size/MD5 checksum:  1869966 38318b647fe2fd8e083b50f6b288d8aa
    Size/MD5 checksum:  1830986 8b026f468a5a60aefeed67a43b04e759

i386 architecture (Intel ia32)
    Size/MD5 checksum:  1616600 65c4d9ef59dc45d7ab4eb91c8497a283
    Size/MD5 checksum:  1650014 f119c7b228725648f953b84d2a2ee33c
    Size/MD5 checksum:   131048 539ce1eb62c36817f34e9ca0cbfb84d7

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   149818 695f2f9898e033f7623cb084bfa12b6d
    Size/MD5 checksum:  2349560 98635c3fb790ff46ea1c264cd8bec307
    Size/MD5 checksum:  2395588 f517fd2e2bd3138fa3d8fbeafb0cb32d

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   130306 36fdfbc5bc139efd896adacb7938f100
    Size/MD5 checksum:  1720394 3941173413eafc9fb6fa534f43fe2d3b
    Size/MD5 checksum:  1688738 d27395cebf31c20bd8e175c62652f170

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  1664252 e30c152fef3fa37ce958fb4d463e4b09
    Size/MD5 checksum:   129804 2624ae4a755631fb733032a1c524daff
    Size/MD5 checksum:  1696296 04e9239cc4109971f3651fc95d5db5ea

powerpc architecture (PowerPC)
    Size/MD5 checksum:   133180 08012ba08692b33b3f61ad01508288b1
    Size/MD5 checksum:  1825580 631dfe6dfb72159b05d9e049995a1cce
    Size/MD5 checksum:  1864102 c5d24242137540588cbcdd2c330b08e6

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1744876 f4b432e9ea83929766d375aa8b859261
    Size/MD5 checksum:  1780834 5f855e02a7b83eb9b786a2faa5133945
    Size/MD5 checksum:   136696 6693c944ceeff566de18bac7a10c9ed2

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.