The remote host is missing an update to the system as announced in the referenced advisory.
Update your system with the appropriate patches or software upgrades. http://downloads.asterisk.org/pub/security/AST-2011-013.html http://downloads.asterisk.org/pub/security/AST-2011-014.html http://www.vuxml.org/freebsd/bb389137-21fb-11e1-89b4-001ec9578670.html
The following packages are affected: asterisk18 asterisk16 CVE-2011-4597 The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 184.108.40.206, and 1.8.x before 220.127.116.11 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. CVE-2011-4598 channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 18.104.22.168 and 1.8.x before 22.214.171.124, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.