FreeBSD : asterisk -- Remotely triggered crash (e60d9e65-3f6b-11e4-ad16-001999f8d30b)

Severity: High. Nessus Plugin ID: 77754

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Asterisk project reports:

When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the res_fax_spandsp module.

Note that this crash does not occur when using the res_fax_digium module. While this crash technically occurs due to a configuration issue, as attempting to receive a fax from a channel driver that only contains textual information will never succeed, the likelihood of having it occur is sufficiently high as to warrant this advisory.

Solution

Update the affected package.

See Also

http://downloads.asterisk.org/pub/security/AST-2014-010.pdf

https://issues.asterisk.org/jira/browse/ASTERISK-24301

https://www.asterisk.org/downloads/security-advisories

http://www.nessus.org/u?627647f2

Plugin Details

Severity: High

ID: 77754

File Name: freebsd_pkg_e60d9e653f6b11e4ad16001999f8d30b.nasl

Version: 1.5

Type: local

Published: 9/19/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/18/2014

Vulnerability Publication Date: 9/5/2014