Asterisk 13.13 < 13.13-cert4 / 13.x < 13.15.1 / 14.x < 14.4.1 Multiple Vulnerabilities (AST-2017-002 - AST-2017-004)

High Nessus Plugin ID 100386


A telephony application running on the remote host is affected by multiple vulnerabilities.


According to its SIP banner, the version of Asterisk running on the remote host is 13.13 prior to 13.13-cert4, 13.x prior to 13.15.1, or 14.x prior to 14.4.1. It is, therefore, affected by multiple vulnerabilities:

- An out-of-bounds read error exists in the multi-part body parser in PJSIP due to reading memory outside the allowed boundaries. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to trigger an invalid read, resulting in a denial of service condition. (VulnDB 157966)

- A denial of service vulnerability exists in 'partial data' message logging when 'chan_skinny' is enabled and an SCCP packet is received that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet fails to detect that the call to read() returned end-of-file before the expected number of bytes and therefore continues indefinitely. An unauthenticated, remote attacker can exploit this issue, via specially crafted packets, to exhaust all available memory. (VulnDB 157967)

- A denial of service vulnerability exists in the PJSIP RFC 2543 transaction key generation algorithm due to a failure to allocate a sufficiently large buffer when handling a SIP packet with a specially crafted CSeq header and a Via header with no branch parameter. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to overflow the buffer, resulting in memory corruption and an eventual crash. (VulnDB 157973)
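
The read-loop flaw in the second item comes down to not stopping when read() returns 0 (end-of-file). The following is an added example, not Asterisk's or Nessus's code, of a length-prefixed reader that stops on end-of-file and bounds the claimed length; the 4-byte little-endian framing, all names, and the pipe-fed sample bytes are assumptions constructed for illustration and are not the SCCP layout.

```c
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
enum rd { RD_OK = 0, RD_EOF = -1, RD_ERR = -2, RD_TOO_BIG = -3 };

/* Read exactly `want` bytes, or report why that was not possible. */
static enum rd read_exact(int fd, unsigned char *buf, size_t want)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == 0) return RD_EOF;         /* peer closed early: stop, never retry */
        if (errno != EINTR) return RD_ERR; /* retry only an interrupted call */
    }
    return RD_OK;
}

/* Hypothetical framing (not the SCCP layout): 4-byte little-endian length, then body. */
static enum rd read_packet(int fd, unsigned char *body, size_t cap, size_t *len)
{
    unsigned char h[4];
    enum rd st = read_exact(fd, h, sizeof h);
    if (st != RD_OK) return st;
    uint32_t claimed = (uint32_t)h[0] | (uint32_t)h[1] << 8 | (uint32_t)h[2] << 16 | (uint32_t)h[3] << 24;
    if (claimed > cap) return RD_TOO_BIG;  /* bound the claimed length before reading */
    st = read_exact(fd, body, claimed);
    if (st == RD_OK) *len = claimed;
    return st;
}

/* Feed constructed bytes through a pipe and close the writer, as a peer hanging up would. */
static enum rd feed(const unsigned char *in, size_t n, unsigned char *body, size_t cap, size_t *len)
{
    int p[2];
    if (pipe(p) != 0) return RD_ERR;
    ssize_t w = write(p[1], in, n);
    close(p[1]);
    enum rd st = (w == (ssize_t)n) ? read_packet(p[0], body, cap, len) : RD_ERR;
    close(p[0]);
    return st;
}

int main(void)
{
    const unsigned char truncated[] = { 16, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' }; /* claims 16, sends 5 */
    unsigned char body[64]; size_t len = 0;
    return feed(truncated, sizeof truncated, body, sizeof body, &len) == RD_EOF ? 0 : 1;
}
```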

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to Asterisk version 13.13-cert4 / 13.15.1 / 14.4.1 or later.

Plugin Details

Severity: High

ID: 100386

File Name: asterisk_ast_2017_002-004.nasl

Version: $Revision: 1.4 $

Type: remote

Family: Misc.

Published: 2017/05/24

Modified: 2017/09/07

Dependencies: 63202

Risk Information

Risk Factor: High


CVSS v2.0

Base Score: 7.8

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:ND/RC:ND


CVSS v3.0

Base Score: 7.5

Temporal Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:X/RC:X

Vulnerability Information

CPE: cpe:/a:digium:asterisk

Required KB Items: asterisk/sip_detected, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/05/19

Vulnerability Publication Date: 2017/05/19

Reference Information

OSVDB: 157966, 157967, 157973