FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)

High Nessus Plugin ID 72953


The remote FreeBSD host is missing one or more security-related updates.


The Asterisk project reports :

Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.

Remote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the 'qualify_frequency' configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 72953

File Name: freebsd_pkg_03159886a8a311e38f360025905a4771.nasl

Version: $Revision: 1.8 $

Type: local

Published: 2014/03/12

Modified: 2014/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, p-cpe:/a:freebsd:freebsd:asterisk18, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2014/03/10

Vulnerability Publication Date: 2014/03/10

Reference Information

CVE: CVE-2014-2286, CVE-2014-2287, CVE-2014-2288