FreeBSD : asterisk -- RTP Resource Exhaustion (5cb18881-7604-11e6-b362-001999f8d30b)

high Nessus Plugin ID 93388

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Asterisk project reports :

The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up.

If overlap dialing support is not needed the 'allowoverlap' option can be set to no. This will stop any usage of the scenario which causes the resource exhaustion.

Solution

Update the affected packages.

See Also

http://downloads.asterisk.org/pub/security/AST-2016-007.html

http://www.nessus.org/u?b5835ce3

Plugin Details

Severity: High

ID: 93388

File Name: freebsd_pkg_5cb18881760411e6b362001999f8d30b.nasl

Version: 2.3

Type: local

Published: 9/9/2016

Updated: 1/4/2021

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk11, p-cpe:/a:freebsd:freebsd:asterisk13, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/8/2016

Vulnerability Publication Date: 8/5/2016