Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:069: asterisk Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the asterisk package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:069 (asterisk).
Two security problems have been found and fixed in the Asterisk PBX software:
CVE-2006-5444: Integer overflow in the get_input function in the
Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones,
allows remote attackers to potentially execute arbitrary code via a
certain dlen value that passes a signed integer comparison and leads
to a heap-based buffer overflow.
CVE-2006-5445: A vulnerability in the SIP channel driver
(channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote
attackers to cause a denial of service (resource consumption)
via unspecified vectors that result in the creation of 'a real pvt
structure' that uses more resources than necessary.
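The bug class behind CVE-2006-5444, a length field that passes a signed comparison, shown here as an added example beside a hardened check. This is not code from Asterisk or from the advisory; PAYLOAD_MAX, the function names and the sample field values are constructed for illustration, and no copy is performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 1000u /* constructed buffer size, not Asterisk's */

/* Reinterpret the 32-bit wire field as signed, as happens when a parser
 * stores it in an int. memcpy avoids an implementation-defined cast. */
static int32_t as_signed(uint32_t wire)
{
    int32_t s;
    memcpy(&s, &wire, sizeof s);
    return s;
}

/* Weak: signed upper-bound test only. A negative dlen is "small", so it
 * passes, then becomes a huge count when converted to size_t.
 * Returns 1 if the frame is accepted; *n is the count a copy would use. */
static int weak_check(uint32_t wire, size_t *n)
{
    int32_t dlen = as_signed(wire);
    if (dlen > (int32_t)PAYLOAD_MAX)
        return 0;
    *n = (size_t)dlen;
    return 1;
}

/* Hardened: keep the field unsigned so one comparison bounds both ends. */
static int strict_check(uint32_t wire, size_t *n)
{
    if (wire > PAYLOAD_MAX)
        return 0;
    *n = (size_t)wire;
    return 1;
}

int main(void)
{
    uint32_t samples[] = { 16u, 2000u, 0xFFFFFFFFu }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t w = 0, s = 0;
        int wa = weak_check(samples[i], &w), sa = strict_check(samples[i], &s);
        printf("field=0x%08x weak=%s(%zu) strict=%s(%zu)\n",
               (unsigned)samples[i], wa ? "accept" : "reject", w,
               sa ? "accept" : "reject", s);
    }
    return 0;
}
```

The same review point applies to any parser that reads a length from the wire into a signed type: check the lower bound explicitly or keep the value unsigned until it has been bounded.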
Solution : http://www.suse.de/security/ http://www.novell.com/linux/security/advisories/2006_69_asterisk.html
Threat Level: High