[asterisk-bugs] [Asterisk 0012277]: Asterisk 1.6.0-beta6 crashes on Nessus scanning

noreply at bugs.digium.com noreply at bugs.digium.com
Mon Mar 24 09:35:34 CDT 2008


The following issue has been RESOLVED. 
====================================================================== 
http://bugs.digium.com/view.php?id=12277 
====================================================================== 
Reported By:                widgetii
Assigned To:                qwell
====================================================================== 
Project:                    Asterisk
Issue ID:                   12277
Category:                   Channels/chan_skinny
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     resolved
Asterisk Version:           1.6.0-beta5 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 no change required
Fixed in Version:           
====================================================================== 
Date Submitted:             03-22-2008 17:55 CDT
Last Modified:              03-24-2008 09:35 CDT
====================================================================== 
Summary:                    Asterisk 1.6.0-beta6 crashes on Nessus scanning
Description: 
Few days ago I downloaded last free version of Nessus scanner
(www.nessus.org) and I did scanning my Asterisk host. In few seconds after
scanning begun, Asterisk crashed at some vulnerability in module
chan_skinny (scanning was from host 10.99.4.12):

*CLI> skinny set debug on
Skinny Debugging Enabled
*CLI>     -- Starting Skinny session from 10.99.4.12
Segmentation fault
[Mar 23 03:04:24] WARNING[13335]: chan_skinny.c:5534 get_input: Skinny
Client sent less data than expected.

Using:
Asterisk 1.6.0-beta6
Nessus version 3.2.0 (build 2G281_Q)
====================================================================== 

---------------------------------------------------------------------- 
 qwell - 03-24-08 09:35  
---------------------------------------------------------------------- 
Please open another issue if the h323 crash is actually a problem.

In the future, if you suspect there is a security issue, PLEASE send it to
security at asterisk.org, rather than post a bug here. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
03-24-08 09:35  qwell          Status                   assigned => resolved
03-24-08 09:35  qwell          Resolution               open => no change
required
03-24-08 09:35  qwell          Note Added: 0084441                          
======================================================================




More information about the asterisk-bugs mailing list