FreeBSD : asterisk -- Crash on ACK from unknown endpoint (7fda7920-7603-11e6-b362-001999f8d30b)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Asterisk project reports :

Asterisk can be crashed remotely by sending an ACK to it from an
endpoint username that Asterisk does not recognize. Most SIP request
types result in an 'artificial' endpoint being looked up, but ACKs
bypass this lookup. The resulting NULL pointer results in a crash when
attempting to determine if ACLs should be applied.

This issue was introduced in the Asterisk 13.10 release and only
affects that release.

This issue only affects users using the PJSIP stack with Asterisk.
Those users that use chan_sip are unaffected.

See also :

http://downloads.asterisk.org/pub/security/AST-2016-006.html
http://www.nessus.org/u?cdf86ed4

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 93389 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now