Asterisk Multiple Vulnerabilities (AST-2011-005 / AST-2011-006)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

A telephony application running on the remote host is affected by
multiple denial of service vulnerabilities.

Description :

According to the version in its SIP banner, the version of Asterisk
running on the remote host may be affected by multiple denial of
service vulnerabilities :

- On systems that have the Asterisk Manager interface,
Skinny, SIP over TCP, or the built-in HTTP server
enabled, it is possible for an attacker to open an
unlimited number of connections to Asterisk, which would
cause Asterisk to run out of available file descriptors
and stop processing any new calls. (AST-2011-005)

- It is possible for a user to bypass a security check and
execute shell commands without being authorized to do so.
Note that only users with the 'system' privilege should
be able to do this. (AST-2011-006)

Solution :

Upgrade to Asterisk / / / /
Business Edition C.3.6.4 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.7
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 53544

Bugtraq ID: 47537

CVE ID: CVE-2011-1507
