This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The Asterisk project reports :
A 16 bit SMS message that contains an odd message length value will
cause the message decoding loop to run forever. The message buffer is
not on the stack but will be overflowed resulting in corrupted memory
and an immediate crash.
External control protocols, such as the Asterisk Manager Interface,
often have the ability to get and set channel variables; this allows
the execution of dialplan functions. Dialplan functions within
Asterisk are incredibly powerful, which is wonderful for building
applications using Asterisk. But during the read or write execution,
certain diaplan functions do much more. For example, reading the
SHELL() function can execute arbitrary commands on the system Asterisk
is running on. Writing to the FILE() function can change any file that
Asterisk has write access to. When these functions are executed from
an external protocol, that execution could result in a privilege
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0