FreeBSD : asterisk -- Remotely triggered crash (e60d9e65-3f6b-11e4-ad16-001999f8d30b)

High Nessus Plugin ID 77754


The remote FreeBSD host is missing a security-related update.


The Asterisk project reports :

When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module.

Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 77754

File Name: freebsd_pkg_e60d9e653f6b11e4ad16001999f8d30b.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2014/09/19

Modified: 2014/09/19

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2014/09/18

Vulnerability Publication Date: 2014/09/05