FreeBSD : asterisk -- RTP Resource Exhaustion (5cb18881-7604-11e6-b362-001999f8d30b)

High Nessus Plugin ID 93388


The remote FreeBSD host is missing one or more security-related updates.


The Asterisk project reports :

The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up.

If overlap dialing support is not needed the 'allowoverlap' option can be set to no. This will stop any usage of the scenario which causes the resource exhaustion.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 93388

File Name: freebsd_pkg_5cb18881760411e6b362001999f8d30b.nasl

Version: $Revision: 2.1 $

Type: local

Published: 2016/09/09

Modified: 2016/09/09

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, p-cpe:/a:freebsd:freebsd:asterisk13, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/09/08

Vulnerability Publication Date: 2016/08/05