FreeBSD : asterisk -- File descriptor leak when incompatible codecs are offered (2eeb6652-a7a6-11e4-96ba-001999f8d30b)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Asterisk project reports :

Asterisk may be configured to only allow specific audio or video
codecs to be used when communicating with a particular endpoint. When
an endpoint sends an SDP offer that only lists codecs not allowed by
Asterisk, the offer is rejected. However, in this case, RTP ports that
are allocated in the process are not reclaimed.

This issue only affects the PJSIP channel driver in Asterisk. Users of
the chan_sip channel driver are not affected.

As the resources are allocated after authentication, this issue only
affects communications with authenticated endpoints.

See also :

http://downloads.asterisk.org/pub/security/AST-2015-001.html
http://www.nessus.org/u?d667b71e

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 81096

Bugtraq ID:

CVE ID: CVE-2015-1558
