FreeBSD : asterisk -- Authentication Bypass (c0b13887-be44-11e6-b04f-001999f8d30b)
High Nessus Plugin ID 95694
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionThe Asterisk project reports :
The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.
This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication.
If you do not use a proxy for authentication, then this issue does not affect you.
If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you.
If you use chan_pjsip instead of chan_sip, then this issue does not affect you.
SolutionUpdate the affected packages.