The remote host is missing an update to the system as announced in the referenced advisory.
Update your system with the appropriate patches or software upgrades. http://downloads.asterisk.org/pub/security/AST-2011-013.html http://downloads.asterisk.org/pub/security/AST-2011-014.html http://www.vuxml.org/freebsd/bb389137-21fb-11e1-89b4-001ec9578670.html
The following packages are affected: asterisk18 asterisk16 CVE-2011-4597 The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 188.8.131.52, and 1.8.x before 184.108.40.206 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. CVE-2011-4598 channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 220.127.116.11 and 1.8.x before 18.104.22.168, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.