[Openvas-discuss] Asterisk False-Positives

Michael Meyer michael.meyer at greenbone.net
Tue Nov 3 10:26:32 CET 2015


*** Reindl Harald wrote:

> looks like OpenVAS missed that there are for a long time now major
> version greater than 10 - asterisk-13.3.2-1.fc22.x86_64

Both NVTs sending some SIP requests and don't compare the version.
I'll have a look.

> Details: Asterisk PBX NULL Pointer Dereference Overflow (OID:
> 1.3.6.1.4.1.25623.1.0.9999991)
> 
> Upgrade to Asterisk PBX release 1.4.1 or 1.2.16.
> 
> Details: Asterisk PBX SDP Header Overflow Vulnerability (OID:
> 1.3.6.1.4.1.25623.1.0.9999992)
> 
> Upgrade to Asterisk release 1.4.2/1.2.17 or newer.

Thanks for reporting.

Micha

-- 
Michael Meyer                  OpenPGP Key: 0xAF069E9152A6EFA6 
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner



More information about the Openvas-discuss mailing list