This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
A telephony application running on the remote host is affected by
multiple denial of service vulnerabilities.
According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by multiple denial
of service vulnerabilities :
- If a remote user sends a SIP packet with a NULL,
Asterisk reads data past the NULL even though the
buffer is actually truncated when copied, which
could lead to an application crash. (AST-2011-008)
- A remote user sending a SIP packet containing a Contact
header with a missing left angle bracket causes Asterisk
to access a NULL pointer, which could cause the
application to crash. (AST-2011-009)
- A memory address can be inadvertently transmitted over
the network via IAX2 via an option control frame, which
would cause the remote party to try to access it.
See also :
Upgrade to Asterisk 184.108.40.206, 220.127.116.11.1, 18.104.22.168, C.3.7.3 or later.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.0
Public Exploit Available : false