openSUSE 10 Security Update : asterisk (asterisk-2272)

High Nessus Plugin ID 27156


The remote openSUSE host is missing a security update.


This update fixes 2 security problem in the PBX software Asterisk.

CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of 'a real pvt structure' that uses more resources than necessary.


Update the affected asterisk package.

Plugin Details

Severity: High

ID: 27156

File Name: suse_asterisk-2272.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2007/10/17

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:asterisk, cpe:/o:novell:opensuse:10.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2006/11/15

Reference Information

CVE: CVE-2006-5444, CVE-2006-5445