FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Multiple Vulnerabilities

Affected packages
asterisk18 <
asterisk16 <


VuXML ID bb389137-21fb-11e1-89b4-001ec9578670
Discovery 2011-12-08
Entry 2011-12-09

Asterisk project reports:

It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header.

When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash.


CVE Name CVE-2011-4597
CVE Name CVE-2011-4598