FreeBSD : asterisk -- Authentication Bypass (c0b13887-be44-11e6-b04f-001999f8d30b)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Asterisk project reports :

The chan_sip channel driver has a liberal definition for whitespace
when attempting to strip the content between a SIP header name and a
colon character. Rather than following RFC 3261 and stripping only
spaces and horizontal tabs, Asterisk treats any non-printable ASCII
character as if it were whitespace.

This mostly does not pose a problem until Asterisk is placed in tandem
with an authenticating SIP proxy. In such a case, a crafty combination
of valid and invalid To headers can cause a proxy to allow an INVITE
request into Asterisk without authentication since it believes the
request is an in-dialog request. However, because of the bug described
above, the request will look like an out-of-dialog request to
Asterisk. Asterisk will then process the request as a new call. The
result is that Asterisk can process calls from unvetted sources
without any authentication.

If you do not use a proxy for authentication, then this issue does not
affect you.

If your proxy is dialog-aware (meaning that the proxy keeps track of
what dialogs are currently valid), then this issue does not affect
you.

If you use chan_pjsip instead of chan_sip, then this issue does not
affect you.
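
As an added illustration (not part of the Asterisk advisory or the Nessus plugin), this Python sketch flags SIP header lines that a strict RFC 3261 parser and a liberal parser of the kind described above would read differently, which is the condition a proxy or IDS in front of chan_sip can reject or log. The liberal pattern is modelled on the advisory's wording, not taken from Asterisk's source; the function names and the sample message are constructed.

```python
import re

# RFC 3261 "token" characters allowed in a header name.
_TOKEN = rb"[A-Za-z0-9\-.!%*_+`'~]+"
# Strict reading: name, then only SP / HTAB, then the colon.
_STRICT = re.compile(rb"^(" + _TOKEN + rb")[ \t]*:")
# Liberal reading (assumption, modelled on the advisory text): any
# non-printable ASCII byte between name and colon counts as whitespace.
_LIBERAL = re.compile(rb"^(" + _TOKEN + rb")[\x00-\x20\x7f]*:")

# Constructed sample request; addresses and names are placeholders.
SAMPLE = (
    b"INVITE sip:100@pbx.example.invalid SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed\r\n"
    b"From: <sip:alice@example.invalid>;tag=1\r\n"
    b"To\x01: <sip:100@pbx.example.invalid>\r\n"
    b"Call-ID: constructed-1@192.0.2.10\r\n"
    b"CSeq \t: 1 INVITE\r\n"
    b"\r\n"
)


def header_lines(message: bytes):
    """Return header lines, without the start line or folded continuations."""
    head = message.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")[1:]
    return [l for l in lines if l and l[:1] not in b" \t"]


def ambiguous_headers(message: bytes):
    """List (name, raw line) pairs that only the liberal reading accepts."""
    flagged = []
    for line in header_lines(message):
        liberal = _LIBERAL.match(line)
        if liberal and not _STRICT.match(line):
            flagged.append((liberal.group(1).decode("ascii"), line))
    return flagged


if __name__ == "__main__":
    for name, raw in ambiguous_headers(SAMPLE):
        print(f"reject/log: header {name!r} has control bytes before ':': {raw!r}")
```

A request with any flagged line is one that the two hops can interpret differently, so dropping it at the proxy removes the disagreement regardless of which header is involved.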

See also :

http://downloads.digium.com/pub/security/ASTERISK-2016-009.html
http://www.nessus.org/u?adb57d61

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95694

Bugtraq ID:

CVE ID:
