[Full-disclosure] AST-2011-007
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] AST-2011-007
- From: Jonathan Rose <security@xxxxxxxxxx>
- Date: Thu, 02 Jun 2011 12:43:55 -0500
Asterisk Project Security Advisory - AST-2011-007
+------------------------------------------------------------------------+
| Product             | Asterisk                                         |
|---------------------+--------------------------------------------------|
| Summary             | Remote Crash Vulnerability in SIP channel driver |
|---------------------+--------------------------------------------------|
| Nature of Advisory  | Remote attacker can crash an Asterisk server     |
|---------------------+--------------------------------------------------|
| Susceptibility      | Remote Authenticated Sessions                    |
|---------------------+--------------------------------------------------|
| Severity            | Moderate                                         |
|---------------------+--------------------------------------------------|
| Exploits Known      | No                                               |
|---------------------+--------------------------------------------------|
| Reported On         | May 23, 2011                                     |
|---------------------+--------------------------------------------------|
| Reported By         | Jonathan Rose jrose@xxxxxxxxxx                   |
|---------------------+--------------------------------------------------|
| Posted On           | June 02, 2011                                    |
|---------------------+--------------------------------------------------|
| Last Updated On     | June 02, 2011                                    |
|---------------------+--------------------------------------------------|
| Advisory Contact    | Jonathan Rose jrose@xxxxxxxxxx                   |
|---------------------+--------------------------------------------------|
| CVE Name            | CVE-2011-2216                                    |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description  | If a remote user initiates a SIP call and the recipient |
|              | picks up, the remote user can reply with a malformed    |
|              | Contact header that Asterisk will improperly handle and |
|              | cause a crash due to a segmentation fault.              |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Asterisk now immediately initializes buffer strings       |
|            | coming into the parse_uri_full function to prevent        |
|            | outside functions from receiving a NULL value pointer.    |
|            | This should increase the safety of any function that uses |
|            | parse_uri or its wrapper functions which previously would |
|            | attempt to work in the presence of a parse_uri failure by |
|            | reading off of potentially uninitialized strings.         |
+------------------------------------------------------------------------+
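The pattern the Resolution describes, shown as an added example that is not Asterisk's code: toy_parse_uri and host_len_after_parse are hypothetical stand-ins for parse_uri_full and a caller that ignores a parse failure, and the input string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Toy "sip:user@host" splitter (hypothetical; not Asterisk's parse_uri_full).
 * Splits uri in place. Returns 0 on success, -1 on a malformed URI.
 * With init_outputs == 0, a failure leaves *user and *host untouched, so
 * they keep whatever the caller had there (in this example: NULL). */
static int toy_parse_uri(char *uri, char **user, char **host, int init_outputs)
{
    char *at;
    if (init_outputs) {
        /* Hardened pattern: give every output a valid empty string
         * before the first early return. */
        *user = "";
        *host = "";
    }
    if (uri == NULL || strncmp(uri, "sip:", 4) != 0)
        return -1;
    uri += 4;
    at = strchr(uri, '@');
    if (at == NULL || at == uri || at[1] == '\0')
        return -1;
    *at = '\0';
    *user = uri;
    *host = at + 1;
    return 0;
}

/* Caller that keeps going after a parse failure, like the callers the
 * Resolution describes. Returns the host length, or -1 where host is
 * NULL, which is where an unguarded strlen(host) would fault. */
static long host_len_after_parse(const char *input, int init_outputs)
{
    char buf[128];
    char *user = NULL, *host = NULL;

    snprintf(buf, sizeof(buf), "%s", input);
    (void)toy_parse_uri(buf, &user, &host, init_outputs); /* result ignored */
    if (host == NULL)
        return -1;
    return (long)strlen(host);
}

int main(void)
{
    const char *bad = "user-at-example.invalid"; /* constructed: no "sip:" scheme */
    printf("uninitialized outputs: %ld, initialized outputs: %ld\n",
           host_len_after_parse(bad, 0), host_len_after_parse(bad, 1));
    return 0;
}
```

Initializing the outputs does not replace checking the return value; it only guarantees that a caller which skips the check reads an empty string instead of a NULL or stale pointer.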
+------------------------------------------------------------------------+
|                           Affected Versions                            |
|------------------------------------------------------------------------|
|            Product            | Release Series |                       |
|-------------------------------+----------------+-----------------------|
|     Asterisk Open Source      |     1.8.x      | All versions          |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|                              Corrected In                              |
|------------------------------------------------------------------------|
|                 Product                  |           Release           |
|------------------------------------------+-----------------------------|
|           Asterisk Open Source           |           1.8.4.2           |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|                                Patches                                 |
|------------------------------------------------------------------------|
|                               URL                               |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff |1.8   |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security                                       |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| http://downloads.digium.com/pub/security/AST-2011-007.pdf and          |
| http://downloads.digium.com/pub/security/AST-2011-007.html             |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|                            Revision History                            |
|------------------------------------------------------------------------|
|       Date        |         Editor          |      Revisions Made      |
|-------------------+-------------------------+--------------------------|
| 06/02/11          | Jonathan Rose           | Initial Release          |
+------------------------------------------------------------------------+
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.