This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The version of Asterisk installed on the remote host may be affected
by multiple denial of service vulnerabilities.
According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by multiple denial
of service vulnerabilities :
- If a remote user sends a SIP packet with a NULL,
Asterisk reads data past the NULL even though the
buffer is actually truncated when copied, which
could lead to an application crash. (AST-2011-008)
- A remote user sending a SIP packet containing a Contact
header with a missing left angle bracket causes Asterisk
to access a NULL pointer, which could cause the
application to crash. (AST-2011-009)
- A memory address can be inadvertently transmitted over
the network by IAX2 in an option control frame, which
would cause the remote party to try to access it.
Upgrade to Asterisk 184.108.40.206, 220.127.116.11.1, 18.104.22.168, C.3.7.3 or later.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.0
Public Exploit Available : false
Family: Denial of Service
Nessus Plugin ID: 55457
Bugtraq ID: 48431
CVE ID: CVE-2011-2529, CVE-2011-2535, CVE-2011-2665