FreeBSD : asterisk -- RTP Resource Exhaustion (5cb18881-7604-11e6-b362-001999f8d30b)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Asterisk project reports :

The overlap dialing feature in chan_sip allows chan_sip to report to a
device that the number that has been dialed is incomplete and more
digits are required. If this functionality is used with a device that
has performed username/password authentication, RTP resources are
leaked. This occurs because the code fails to release the old RTP
resources before allocating new ones in this scenario. If all
resources are used then RTP port exhaustion will occur and no RTP
sessions are able to be set up.

If overlap dialing support is not needed the 'allowoverlap' option can
be set to no. This will stop any usage of the scenario which causes
the resource exhaustion.

See also :

http://downloads.asterisk.org/pub/security/AST-2016-007.html
http://www.nessus.org/u?01135821

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 93388

Bugtraq ID:

CVE ID:
