This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update fixes 2 security problem in the PBX software Asterisk.
CVE-2006-5444: Integer overflow in the get_input function in the
Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones,
allows remote attackers to execute arbitrary code via a certain dlen
value that passes a signed integer comparison and leads to a
heap-based buffer overflow.
CVE-2006-5445: A vulnerability in the SIP channel driver
(channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote
attackers to cause a denial of service (resource consumption) via
unspecified vectors that result in the creation of 'a real pvt
structure' that uses more resources than necessary.
Update the affected asterisk package.
Risk factor :
High / CVSS Base Score : 7.8