The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3873 advisory.

  - Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial     of service (crash) via vectors related to a length inconsistency in the     crypto_policy_set_from_profile_for_rtp and srtp_protect functions. (CVE-2013-2139)

  - The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial     of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. (CVE-2015-6360)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libsrtp packages installed that are affected by multiple vulnerabilities:

  - Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial     of service (crash) via vectors related to a length inconsistency in the     crypto_policy_set_from_profile_for_rtp and srtp_protect functions. (CVE-2013-2139)

  - The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial     of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. (CVE-2015-6360)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libsrtp packages installed that are affected by multiple vulnerabilities:

  - The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial     of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. (CVE-2015-6360)

  - Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial     of service (crash) via vectors related to a length inconsistency in the     crypto_policy_set_from_profile_for_rtp and srtp_protect functions. (CVE-2013-2139)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3873 advisory.

  - libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139)

  - libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1530 advisory.

  - Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial     of service (crash) via vectors related to a length inconsistency in the     crypto_policy_set_from_profile_for_rtp and srtp_protect functions. (CVE-2013-2139)

  - The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial     of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. (CVE-2015-6360)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Security Fix(es) :

  - libsrtp: improper handling of CSRC count and extension     header length in RTP header (CVE-2015-6360)

  - libsrtp: buffer overflow in application of crypto     profiles (CVE-2013-2139)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3873 advisory.

  - libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139)

  - libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7]     (CVE-2015-6360)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libsrtp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and     earlier allows remote attackers to cause a denial of     service (crash) via vectors related to a length     inconsistency in the     crypto_policy_set_from_profile_for_rtp and srtp_protect     functions.(CVE-2013-2139)

  - The encryption-processing feature in Cisco libSRTP     before 1.5.3 allows remote attackers to cause a denial     of service via crafted fields in SRTP packets, aka Bug     ID CSCux00686.(CVE-2015-6360)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets.

This update for libsrtp fixes the following issues :

  - Update to 1.5.4 :

  - Use BE byte ordering of RTCP trailer.

  - Allow zero length payload on unprotect.

  - Update to new upstream release 1.5.3

  - Maintenance release, including fix for CVE-2015-6360     boo#957376

The remote Cisco IOS XE device is missing vendor-supplied security patches, and it is configured to use the Cisco Unified Border Element (CUBE) or Session Border Controller (SBC) features. It is, therefore, affected by an integer underflow condition in the Secure Real-Time Transport Protocol (SRTP) library due to improper validation of certain fields of SRTP packets. An unauthenticated, remote attacker can exploit this, via specially crafted SRTP packets, to cause packet decryption to fail, resulting in a denial of service condition.

The remote Cisco Adaptive Security Appliance (ASA) is missing vendor-supplied security patches, and it is configured to use the Phone Proxy feature. It is, therefore, affected by an integer underflow condition in the Secure Real-Time Transport Protocol (SRTP) library due to improper validation of certain fields of SRTP packets.
An unauthenticated, remote attacker can exploit this, via specially crafted SRTP packets, to cause packet decryption to fail, resulting in a denial of service condition.

Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.

libsrtp reports :

Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the Firefox team for reporting this issue.

Prevent potential DoS attack due to lack of bounds checking on RTP header CSRC count and extension header length. Credit goes to Randell Jesup and the Firefox team for reporting this issue.

(As there is no aead mode available in the Squeeze version, only srtp_unprotect() needed to be patched)

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
502149	Cisco Multiple Products libSRTP Denial of Service (CVE-2015-6360)	Tenable OT Security	Tenable.ot	high
180984	Oracle Linux 7 : libsrtp (ELSA-2020-3873)	Nessus	Oracle Linux Local Security Checks	high
154579	NewStart CGSL CORE 5.05 / MAIN 5.05 : libsrtp Multiple Vulnerabilities (NS-SA-2021-0150)	Nessus	NewStart CGSL Local Security Checks	high
147369	NewStart CGSL CORE 5.04 / MAIN 5.04 : libsrtp Multiple Vulnerabilities (NS-SA-2021-0032)	Nessus	NewStart CGSL Local Security Checks	high
143088	RHEL 7 : libsrtp (RHSA-2020:3873)	Nessus	Red Hat Local Security Checks	high
141941	Amazon Linux 2 : libsrtp (ALAS-2020-1530)	Nessus	Amazon Linux Local Security Checks	high
141738	Scientific Linux Security Update : libsrtp on SL7.x x86_64 (20201001)	Nessus	Scientific Linux Local Security Checks	high
141630	CentOS 7 : libsrtp (CESA-2020:3873)	Nessus	CentOS Local Security Checks	high
132152	EulerOS 2.0 SP3 : libsrtp (EulerOS-SA-2019-2617)	Nessus	Huawei Local Security Checks	high
131625	EulerOS 2.0 SP2 : libsrtp (EulerOS-SA-2019-2472)	Nessus	Huawei Local Security Checks	high
130015	Cisco Unity Connection libSRTP Denial of Service Vulnerability	Nessus	CISCO	high
93391	openSUSE Security Update : libsrtp (openSUSE-2016-1063)	Nessus	SuSE Local Security Checks	high
91760	Cisco IOS XE libsrtp DoS (CSCux04317)	Nessus	CISCO	high
91759	Cisco ASA libsrtp DoS (CSCux00686)	Nessus	CISCO	high
90322	Debian DSA-3539-1 : srtp - security update	Nessus	Debian Local Security Checks	high
88876	FreeBSD : libsrtp -- DoS via crafted RTP header vulnerability (6171eb07-d8a9-11e5-b2bd-002590263bf5)	Nessus	FreeBSD Local Security Checks	high
87977	Debian DLA-393-1 : srtp security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2015-6360

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high