FreeBSD : libsrtp -- DoS via crafted RTP header vulnerability (6171eb07-d8a9-11e5-b2bd-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

libsrtp reports :

Prevent potential DoS attack due to lack of bounds checking on RTP
header CSRC count and extension header length. Credit goes to Randell
Jesup and the Firefox team for reporting this issue.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207003
https://github.com/cisco/libsrtp/releases/tag/v1.5.3
http://www.nessus.org/u?89bccce1
http://www.nessus.org/u?ead3ecee
http://www.nessus.org/u?6ba5e8db
http://www.nessus.org/u?996ff6e4
http://www.nessus.org/u?475b8a98

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88876

Bugtraq ID:

CVE ID: CVE-2015-6360
