Asterisk Multiple Vulnerabilities (AST-2011-013 / AST-2011-014)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The version of Asterisk installed on the remote host may be affected
by multiple vulnerabilities.

Description :

According to the version in its SIP banner, the version of Asterisk
running on the remote host is potentially affected by the following
vulnerabilities :

- An issue in the SIP protocol can lead to the enumeration
of endpoints with NAT settings different from the
default. Note that this is an issue with the SIP
protocol itself, and that updated versions of Asterisk
provide warnings and safer defaults. (AST-2011-013)

- A NULL pointer derefererence can lead to an application
crash by a remote, unauthenticated user when processing
a SIP request. Note that successful exploitation
requires that the 'automon' feature in features.conf be
enabled and that it is not by default. (AST-2011-014)

See also :

http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html

Solution :

Either update to Asterisk 1.6.2.21 / 1.8.7.2 or later or disable the
'automon' feature in features.conf.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 57289 ()

Bugtraq ID: 50989
50990

CVE ID: CVE-2011-4597
CVE-2011-4598