This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201006-20
(Asterisk: Multiple vulnerabilities)
Multiple vulnerabilities have been reported in Asterisk:
Nick Baggott reported that Asterisk does not properly process
overly long ASCII strings in various packets (CVE-2009-2726).
Noam Rathaus and Blake Cornell reported a flaw in the IAX2 protocol
amorsen reported an input
processing error in the RTP protocol implementation
Patrik Karlsson reported an information
disclosure flaw related to the REGISTER message (CVE-2009-3727).
library, related to AJAX calls (CVE-2008-7220).
A remote attacker could exploit these vulnerabilities by sending a
specially crafted package, possibly causing a Denial of Service
condition, or resulting in information disclosure.
There is no known workaround at this time.
See also :
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/asterisk-1.2.37'
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since January 5, 2010. It is likely that your system is
already no longer affected by this issue.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true