GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu Jun 26, 2014 12:26 am Post subject: [ GLSA 201406-25 ] Asterisk: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Asterisk: Multiple vulnerabilities (GLSA 201406-25)
Severity: normal
Exploitable: remote
Date: June 25, 2014
Bug(s): #513102
ID: 201406-25
Synopsis
Multiple vulnerabilities have been discovered in Asterisk, the
worst of which could allow privileged users to execute arbitrary system
shell commands.
Background
Asterisk is an open source telephony engine and toolkit.
Affected Packages
Package: net-misc/asterisk
Vulnerable: < 11.10.2
Unaffected: >= 11.10.2
Unaffected: >= 1.8.28.2 < 1.8.28.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Asterisk. Please review
the CVE identifiers below for details.
Impact
A remote attacker who gains access to a privileged Asterisk account can
execute arbitrary system shell commands. Furthermore, an unprivileged
remote attacker could cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Asterisk 11 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-11.10.2"
All Asterisk 1.8 users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.28.2"
References
CVE-2014-4046
CVE-2014-4047