[Openvas-discuss] Asterisk False-Positives

Michael Meyer michael.meyer at greenbone.net
Tue Nov 3 10:26:32 CET 2015

*** Reindl Harald wrote:

> looks like OpenVAS missed that there are for a long time now major
> version greater than 10 - asterisk-13.3.2-1.fc22.x86_64

Both NVTs sending some SIP requests and don't compare the version.
I'll have a look.

> Details: Asterisk PBX NULL Pointer Dereference Overflow (OID:
> Upgrade to Asterisk PBX release 1.4.1 or 1.2.16.
> Details: Asterisk PBX SDP Header Overflow Vulnerability (OID:
> Upgrade to Asterisk release 1.4.2/1.2.17 or newer.

Thanks for reporting.


Michael Meyer                  OpenPGP Key: 0xAF069E9152A6EFA6 
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

More information about the Openvas-discuss mailing list