This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The version of Asterisk installed on the remote host may be affected
by multiple denial of service vulnerabilities.
According to its SIP banner, the version of Asterisk running on the
remote host is potentially affected by multiple denial of service
vulnerabilities :
- If a remote user sends a SIP packet with a NULL,
Asterisk reads data past the NULL even though the
buffer is actually truncated when copied, which
could lead to an application crash. (AST-2011-008)
- A remote user sending a SIP packet containing a Contact
header with a missing left angle bracket causes Asterisk
to access a NULL pointer, which could cause the
application to crash. (AST-2011-009)
- A memory address can be inadvertently transmitted over
the network by IAX2 in an option control frame, which
would cause the remote party to try to access it.
See also :
Upgrade to Asterisk 22.214.171.124, 126.96.36.199.1, 188.8.131.52, C.3.7.3 or later.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.0
Public Exploit Available : false