Asterisk Multiple Denial of Service Vulnerabilities (AST-2011-003 / AST-2011-004)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The version of Asterisk installed on the remote host may be affected
by multiple denial of service vulnerabilities.

Description :

According to the version in its SIP banner, the version of Asterisk
running on the remote host may be affected by multiple denial of
service vulnerabilities :

- A resource exhaustion issue exists in the Asterisk manager interface.

- A NULL pointer dereference issue exists in the TCP/TLS server.

See also :

http://downloads.asterisk.org/pub/security/AST-2011-003.html
http://downloads.asterisk.org/pub/security/AST-2011-004.html
http://www.nessus.org/u?3ecf62e4

Solution :

Upgrade to Asterisk 1.6.1.24 / 1.6.2.17.2 / 1.8.3.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 52714

Bugtraq ID: 46897, 46898

CVE ID: CVE-2011-1174, CVE-2011-1175