FreeBSD : asterisk -- Buffer overflow in CDR's set user (356b02e9-1954-11e7-9608-001999f8d30b)

High Nessus Plugin ID 99192


The remote FreeBSD host is missing a security-related update.


The Asterisk project reports :

No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 99192

File Name: freebsd_pkg_356b02e9195411e79608001999f8d30b.nasl

Version: $Revision: 3.1 $

Type: local

Published: 2017/04/05

Modified: 2017/04/05

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk13, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/04/04

Vulnerability Publication Date: 2017/03/27