Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006)
Medium Nessus Network Monitor Plugin ID 5897
Synopsis: The remote VoIP server is vulnerable to multiple attack vectors.
Description: The version of Asterisk running on the remote host is potentially affected by multiple issues:
- On systems that have the Asterisk Manager interface, Skinny, SIP over TCP, or the built-in HTTP server enabled, an attacker can open as many connections to Asterisk as he wishes, which would cause Asterisk to run out of available file descriptors and stop processing any new calls. (AST-2011-005)
- It is possible for a user to bypass a security check and execute shell commands without having been granted that ability. Note that only users with the 'system' privilege should be able to do this. (AST-2011-006)
Solution: Upgrade to Asterisk 18.104.22.168, 22.214.171.124, 126.96.36.199.3, 188.8.131.52, Business Edition C.3.6.4, or later.