Asterisk SRTP Video Stream Negotiation Remote Crash (AST-2012-001)
Medium Nessus Plugin ID 58431
SynopsisA telephony application running on the remote host is affected by a denial of service vulnerability.
DescriptionAccording to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote attacker to crash the server. The vulnerability can be triggered by attempting to negotiate a secure video stream when it has not been enabled and the res_srtp Asterisk module is loaded.
SolutionUpgrade to Asterisk 126.96.36.199 / 10.0.1 or apply the patches listed in the Asterisk advisory.