|Category:||FreeBSD Local Security Checks|
|Title:||FreeBSD Ports: asterisk18|
|Summary:||The remote host is missing an update to the system; as announced in the referenced advisory.|
The remote host is missing an update to the system
as announced in the referenced advisory.
The following packages are affected:
The SIP over UDP implementation in Asterisk Open Source 1.4.x before
1.4.43, 1.6.x before 126.96.36.199, and 1.8.x before 188.8.131.52 uses different
port numbers for responses to invalid requests depending on whether a
SIP username exists, which allows remote attackers to enumerate
usernames via a series of requests.
channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 184.108.40.206
and 1.8.x before 220.127.116.11, when automon is enabled, allows remote
attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted sequence of SIP requests.
Update your system with the appropriate patches or
Common Vulnerability Exposure (CVE) ID: CVE-2011-4597|
Bugtraq: 20111222 Exploit for Asterisk Security Advisory AST-2011-013 (Google Search)
Debian Security Information: DSA-2367 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-4598
|Copyright||Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.