This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The Asterisk Development Team reports :
AST-2011-008: If a remote user sends a SIP packet containing a NULL,
Asterisk assumes available data extends past the null to the end of
the packet when the buffer is actually truncated when copied. This
causes SIP header parsing to modify data past the end of the buffer
altering unrelated memory structures. This vulnerability does not
affect TCP/TLS connections.
AST-2011-009: A remote user sending a SIP packet containing a Contact
header with a missing left angle bracket causes Asterisk to access a
AST-2011-010: A memory address was inadvertently transmitted over the
network via IAX2 via an option control frame and the remote party
would try to access it.
Possible enumeration of SIP users due to differing authentication
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0