This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and corrected in
Sending a HTTP request that is handled by Asterisk with a large number
of Cookie headers could overflow the stack. You could even exhaust
memory if you sent an unlimited number of headers in the request
An attacker can use all available file descriptors using SIP INVITE
requests. Asterisk will respond with code 400, 420, or 422 for INVITEs
meeting this criteria. Each INVITE meeting these conditions will leak
a channel and several file descriptors. The file descriptors cannot be
released without restarting Asterisk which may allow intrusion
detection systems to be bypassed by sending the requests slowly
The updated packages has been upgraded to the 11.8.1 version which is
not vulnerable to these issues.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false