FreeBSD : asterisk -- Authentication Bypass (c0b13887-be44-11e6-b04f-001999f8d30b)

high Nessus Plugin ID 95694

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Asterisk project reports :

The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.

This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication.

If you do not use a proxy for authentication, then this issue does not affect you.

If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you.

If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 95694

File Name: freebsd_pkg_c0b13887be4411e6b04f001999f8d30b.nasl

Version: 3.4

Type: local

Family: FreeBSD Local Security Checks

Published: 12/12/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, p-cpe:/a:freebsd:freebsd:asterisk13, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/9/2016

Vulnerability Publication Date: 11/28/2016

Detections

Analytics