Multiple Asterisk Products CVE-2013-2264 Multiple Information Disclosure Vulnerabilities
Info
| Bugtraq ID: | 58764 |
| Class: | Design Error |
| CVE: | CVE-2013-2264 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | Apr 13 2015 09:46PM |
| Credit: | Walter Doekes, OSSO B.V. |
| Vulnerable: | Asterisk Asterisk Business Edition C.3.7.4; Asterisk Asterisk Business Edition C.3.7.3 |
| Not Vulnerable: | |
Discussion
Multiple Asterisk products are prone to multiple information-disclosure vulnerabilities.
An attacker can exploit these issues to disclose sensitive information; this may aid in further attacks.
The following products are vulnerable:
- Versions prior to Asterisk Open Source 1.8.20.2, 10.12.2, and 11.2.2
- Versions prior to Asterisk Digiumphones 10.12.2-digiumphones
- Versions prior to Certified Asterisk 1.8.15-cert2
- Versions prior to Asterisk Business Edition C.3.8.1
Exploit / POC
Attackers can use readily available tools to exploit these issues.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
- Mandriva asterisk-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-addons-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-devel-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-firmware-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-alsa-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-calendar-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-cel-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-corosync-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-curl-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-dahdi-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-fax-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-festival-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-ices-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-jabber-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-jack-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-ldap-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-lua-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-minivm-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-mobile-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-mp3-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-mysql-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-ooh323-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-osp-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-oss-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-pgsql-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-pktccops-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-portaudio-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-radius-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-saycountpl-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-skinny-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-snmp-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-speex-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-sqlite-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-tds-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-unistim-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-voicemail-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-voicemail-imap-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva asterisk-plugins-voicemail-plain-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
- Mandriva lib64asteriskssl1-11.2.2-1.mbs1.x86_64.rpm: http://www.mandriva.com/en/downloads/
References
References:
- Asterisk Homepage (Asterisk)
- Asterisk Project Security Advisory - AST-2013-003 (Asterisk)