
Summary: ASTERISK-11700: Asterisk 1.6.0-beta6 crashes on Nessus scanning
Reporter: Dmitry V Ilyin (widgetii)
Labels:
Date Opened: 2008-03-22 17:55:19
Date Closed: 2011-06-07 14:00:40
Priority: Critical
Regression?: No
Status: Closed/Complete
Components: Channels/chan_skinny
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: (0) tcpdump.txt
Description: A few days ago I downloaded the last free version of the Nessus scanner (www.nessus.org) and scanned my Asterisk host. A few seconds after the scan began, Asterisk crashed on some vulnerability in module chan_skinny (the scan was from host 10.99.4.12):

*CLI> skinny set debug on
Skinny Debugging Enabled
*CLI>     -- Starting Skinny session from 10.99.4.12
Segmentation fault
[Mar 23 03:04:24] WARNING[13335]: chan_skinny.c:5534 get_input: Skinny Client sent less data than expected.

Using:
Asterisk 1.6.0-beta6
Nessus version 3.2.0 (build 2G281_Q)
Comments:

By: Dmitry V Ilyin (widgetii) 2008-03-22 18:18:13

I am sorry; by deactivating all modules step by step, I found that chan_ooh323.so contains some bug that led Asterisk to crash.

Module chan_skinny is OK.

By: Jason Parker (jparker) 2008-03-24 09:35:34

Please open another issue if the h323 crash is actually a problem.

In the future, if you suspect there is a security issue, PLEASE send it to security@asterisk.org, rather than post a bug here.