FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Asterisk project reports :

A remote crash can be triggered by sending a SIP packet to Asterisk
with a specially crafted CSeq header and a Via header with no branch
parameter. The issue is that the PJSIP RFC 2543 transaction key
generation algorithm does not allocate a large enough buffer. By
overrunning the buffer, the memory allocation table becomes corrupted,
leading to an eventual crash.

The multi-part body parser in PJSIP contains a logical error that can
make certain multi-part body parts attempt to read memory from outside
the allowed boundaries. A specially crafted packet can trigger these
invalid reads and potentially induce a crash.

This issues is in PJSIP, and so the issue can be fixed without
performing an upgrade of Asterisk at all. However, we are releasing a
new version of Asterisk with the bundled PJProject updated to include
the fix.

If you are running Asterisk with chan_sip, this issue does not affect
you.

See also :

http://downloads.asterisk.org/pub/security/AST-2017-002.html
http://downloads.asterisk.org/pub/security/AST-2017-003.html
http://www.nessus.org/u?8b8f3df2

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100313 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now