FreeBSD : asterisk -- Exploitable Stack Buffer Overflow (5ab9fb2a-23a5-11e0-a835-0003ba02bf30)

Severity: High. Nessus Plugin ID: 51582

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Asterisk Development Team reports:

The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while in pedantic mode, which can cause a stack buffer to be made to overflow if supplied with carefully crafted caller ID information. The issue and resolution are described in the AST-2011-001 security advisory.

Solution

Update the affected packages.

See Also

http://downloads.asterisk.org/pub/security/AST-2011-001.pdf

http://www.nessus.org/u?65a2ed72

Plugin Details

Severity: High

ID: 51582

File Name: freebsd_pkg_5ab9fb2a23a511e0a8350003ba02bf30.nasl

Version: 1.11

Type: local

Published: 1/20/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk14, p-cpe:/a:freebsd:freebsd:asterisk16, p-cpe:/a:freebsd:freebsd:asterisk18, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/19/2011

Vulnerability Publication Date: 1/18/2011