FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Asterisk project reports :

Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
request that is handled by Asterisk with a large number of Cookie
headers could overflow the stack. You could even exhaust memory if you
sent an unlimited number of headers in the request.

Denial of Service Through File Descriptor Exhaustion with chan_sip
Session-Timers. An attacker can use all available file descriptors
using SIP INVITE requests. Asterisk will respond with code 400, 420,
or 422 for INVITEs meeting this criteria. Each INVITE meeting these
conditions will leak a channel and several file descriptors. The file
descriptors cannot be released without restarting Asterisk which may
allow intrusion detection systems to be bypassed by sending the
requests slowly.

Remote Crash Vulnerability in PJSIP channel driver. A remotely
exploitable crash vulnerability exists in the PJSIP channel driver if
the 'qualify_frequency' configuration option is enabled on an AOR and
the remote SIP server challenges for authentication of the resulting
OPTIONS request. The response handling code wrongly assumes that a
PJSIP endpoint will always be associated with an outgoing request
which is incorrect.

See also :

http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
https://www.asterisk.org/security
http://www.nessus.org/u?156f1cbc

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 72953 ()

Bugtraq ID:

CVE ID: CVE-2014-2286
CVE-2014-2287
CVE-2014-2288

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now