Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html
http://www.vuxml.org/freebsd/bb389137-21fb-11e1-89b4-001ec9578670.html
Insight
The following packages are affected:
asterisk18
asterisk16
CVE-2011-4597
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
CVE-2011-4598
channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
Severity
Classification
CVE: CVE-2011-4597, CVE-2011-4598
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N