[asterisk-bugs] [Asterisk 0012277]: Asterisk 1.6.0-beta6 crashes on Nessus scanning

noreply at bugs.digium.com noreply at bugs.digium.com
Sat Mar 22 18:18:14 CDT 2008 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=12277 
====================================================================== 
Reported By:                widgetii
Assigned To:                qwell
====================================================================== 
Project:                    Asterisk
Issue ID:                   12277
Category:                   Channels/chan_skinny
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.6.0-beta5 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             03-22-2008 17:55 CDT
Last Modified:              03-22-2008 18:18 CDT
====================================================================== 
Summary:                    Asterisk 1.6.0-beta6 crashes on Nessus scanning
Description: 
Few days ago I downloaded last free version of Nessus scanner
(www.nessus.org) and I did scanning my Asterisk host. In few seconds after
scanning begun, Asterisk crashed at some vulnerability in module
chan_skinny (scanning was from host 10.99.4.12):

*CLI> skinny set debug on
Skinny Debugging Enabled
*CLI>     -- Starting Skinny session from 10.99.4.12
Segmentation fault
[Mar 23 03:04:24] WARNING[13335]: chan_skinny.c:5534 get_input: Skinny
Client sent less data than expected.

Using:
Asterisk 1.6.0-beta6
Nessus version 3.2.0 (build 2G281_Q)
====================================================================== 

---------------------------------------------------------------------- 
 widgetii - 03-22-08 18:18  
---------------------------------------------------------------------- 
I am sorry, by deactivating all modules step-by-step, I found that
chan_ooh323.so contains some bug, that led to crash Asterisk.

Module chan_skinny is OK. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-22-08 18:18  widgetii       Note Added: 0084421                          
======================================================================

More information about the asterisk-bugs mailing list