FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)

high Nessus Plugin ID 72953

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Asterisk project reports :

Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.

Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.

Remote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the 'qualify_frequency' configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.

Solution

Update the affected packages.

See Also

http://downloads.asterisk.org/pub/security/AST-2014-001.pdf

http://downloads.asterisk.org/pub/security/AST-2014-002.pdf

http://downloads.asterisk.org/pub/security/AST-2014-003.pdf

https://www.asterisk.org/downloads/security-advisories

http://www.nessus.org/u?43eb0eef

Plugin Details

Severity: High

ID: 72953

File Name: freebsd_pkg_03159886a8a311e38f360025905a4771.nasl

Version: 1.12

Type: local

Published: 3/12/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, p-cpe:/a:freebsd:freebsd:asterisk18, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/10/2014

Vulnerability Publication Date: 3/10/2014

Reference Information

CVE: CVE-2014-2286, CVE-2014-2287, CVE-2014-2288