The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3335 advisory.

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when     parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications     that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch     (2.13.1). (CVE-2022-23537)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to     GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability     affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in     the master branch. (CVE-2022-23547)

  - PJSIP is a free and open source multimedia communication library written in C language implementing     standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including     2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications,     either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using     `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next     release. There are no known workarounds for this issue. (CVE-2022-31031)

  - In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming     Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a     crash. (CVE-2022-37325)

  - PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior     to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow     vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is     available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users     are advised to upgrade. There are no known workarounds for this issue. (CVE-2022-39244)

  - PJSIP is a free and open source multimedia communication library written in C. When processing certain     packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP     restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP.
    The patch is available as commit d2acb9a in the master branch of the project and will be included in     version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this     vulnerability. (CVE-2022-39269)

  - A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2     may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on     a subscription via a reliable transport at the same time that Asterisk is also performing activity on that     subscription. (CVE-2022-42705)

  - An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and     certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to     access files outside of the asterisk configuration directory, aka Directory Traversal. (CVE-2022-42706)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-3335-1 : asterisk - LTS security update

critical Nessus Plugin ID 171903

Version 1.0