This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
The Asterisk project reports :
Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
request that is handled by Asterisk with a large number of Cookie
headers could overflow the stack. You could even exhaust memory if you
sent an unlimited number of headers in the request.
Denial of Service Through File Descriptor Exhaustion with chan_sip
Session-Timers. An attacker can use all available file descriptors
using SIP INVITE requests. Asterisk will respond with code 400, 420,
or 422 for INVITEs meeting this criteria. Each INVITE meeting these
conditions will leak a channel and several file descriptors. The file
descriptors cannot be released without restarting Asterisk which may
allow intrusion detection systems to be bypassed by sending the
Remote Crash Vulnerability in PJSIP channel driver. A remotely
exploitable crash vulnerability exists in the PJSIP channel driver if
the 'qualify_frequency' configuration option is enabled on an AOR and
the remote SIP server challenges for authentication of the resulting
OPTIONS request. The response handling code wrongly assumes that a
PJSIP endpoint will always be associated with an outgoing request
which is incorrect.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5