Vendor Status Note JVNCIAC-R-330

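Multiple vulnerabilities in Asterisk

Overview

Asterisk, a software PBX, contains multiple vulnerabilities.

Expected impact

A remote third party may be able to execute arbitrary code, carry out a denial-of-service (DoS) attack, or obtain confidential information.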

Vendor information

Vendor / Link / Date updated
Debian / Debian Security Advisory DSA-1358: asterisk -- several vulnerabilities
Digium, Inc / Asterisk :: The Open Source Telephony Platform

References

  1. ISS X-Force Database: asterisk-sip-channeldriver-dos(32830)
    Asterisk SIP channel driver denial of service
  2. ISS X-Force Database: asterisk-sip-invite-dos(33068)
    Asterisk SIP INVITE denial of service
  3. ISS X-Force Database: asterisk-interface-dos(33886)
    Asterisk Management Interface denial of service
  4. ISS X-Force Database: asterisk-sip-response-dos(33892)
    Asterisk SIP response packets denial of service
  5. ISS X-Force Database: asterisk-iax2-information-disclosure(34085)
    Asterisk IAX2 information disclosure
  6. ISS X-Force Database: asterisk-iax2channeldriver-bo(35466)
    Asterisk IAX2 channel driver buffer overflow
  7. ISS X-Force Database: asterisk-iax2-dos(35465)
    Asterisk IAX2 channel driver denial of service
  8. ISS X-Force Database: asterisk-skinny-driver-dos(35478)
    Asterisk Skinny driver denial of service

JPCERT Alert:
JPCERT REPORT: JPCERT-WR-2007-3401 (2007-09-05)
CIAC Bulletin: R-330 Asterisk Security Vulnerabilities (2007-08-27)
CVE:
  2007-1306 [CVE+] XF32830
  2007-1561 [CVE+] XF33068
  2007-2294 [CVE+] XF33886
  2007-2297 [CVE+] XF33892
  2007-2488 [CVE+] XF34085
  2007-3762 [CVE+] XF35466
  2007-3763 [CVE+] XF35465
  2007-3764 [CVE+] XF35478
PGP signature: JVNCIAC-R-330.html.sig

Date registered: 20:19 2007/09/07
Date updated: 20:19 2007/09/07

Copyright(C) 2002-2009 Keio Univ. All rights reserved.