Summary:ASTERISK-11700: Asterisk 1.6.0-beta6 crashes on Nessus scanning
Reporter:Dmitry V Ilyin (widgetii)Labels:
Date Opened:2008-03-22 17:55:19Date Closed:2011-06-07 14:00:40
Versions:Frequency of
Environment:Attachments:( 0) tcpdump.txt
Description:Few days ago I downloaded last free version of Nessus scanner (www.nessus.org) and I did scanning my Asterisk host. In few seconds after scanning begun, Asterisk crashed at some vulnerability in module chan_skinny (scanning was from host

*CLI> skinny set debug on
Skinny Debugging Enabled
*CLI>     -- Starting Skinny session from
Segmentation fault
[Mar 23 03:04:24] WARNING[13335]: chan_skinny.c:5534 get_input: Skinny Client sent less data than expected.

Asterisk 1.6.0-beta6
Nessus version 3.2.0 (build 2G281_Q)
Comments:By: Dmitry V Ilyin (widgetii) 2008-03-22 18:18:13

I am sorry, by deactivating all modules step-by-step, I found that chan_ooh323.so contains some bug, that led to crash Asterisk.

Module chan_skinny is OK.

By: Jason Parker (jparker) 2008-03-24 09:35:34

Please open another issue if the h323 crash is actually a problem.

In the future, if you suspect there is a security issue, PLEASE send it to security@asterisk.org, rather than post a bug here.