Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Multiple vulnerabilities have been discovered and corrected in
asterisk :

Sending an HTTP request that is handled by Asterisk with a large number
of Cookie headers could overflow the stack. You could even exhaust
memory if you sent an unlimited number of headers in the request.

An attacker can use all available file descriptors using SIP INVITE
requests. Asterisk will respond with code 400, 420, or 422 for INVITEs
meeting these criteria. Each INVITE meeting these conditions will leak
a channel and several file descriptors. The file descriptors cannot be
released without restarting Asterisk, which may allow intrusion
detection systems to be bypassed by sending the requests slowly.

The updated packages have been upgraded to the 11.8.1 version which is
not vulnerable to these issues.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 73582

Bugtraq ID: 66093

CVE ID: CVE-2014-2286
