+-----------------------------------------------------------------------
-+
| Product | Asterisk |
|--------------------+--------------------------------------------------
-|
| Summary | Remote crash vulnerability in Skinny channel |
| | driver |
|--------------------+--------------------------------------------------
-|
| Nature of Advisory | Denial of Service |
|--------------------+--------------------------------------------------
-|
| Susceptibility | Remote Authenticated Sessions |
|--------------------+--------------------------------------------------
-|
| Severity | Moderate |
|--------------------+--------------------------------------------------
-|
| Exploits Known | No |
|--------------------+--------------------------------------------------
-|
| Reported On | August 7, 2007 |
|--------------------+--------------------------------------------------
-|
| Reported By | Wei Wang of McAfee AVERT Labs |
|--------------------+--------------------------------------------------
-|
| Posted On | August 7, 2007 |
|--------------------+--------------------------------------------------
-|
| Last Updated On | August 7, 2007 |
|--------------------+--------------------------------------------------
-|
| Advisory Contact | Jason Parker <jparker (at) digium (dot) com [email concealed]> |
|--------------------+--------------------------------------------------
-|
| CVE Name | |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Description | The Asterisk Skinny channel driver, chan_skinny, has a |
| | remotely exploitable crash vulnerability. A segfault can |
| | occur when Asterisk receives a |
| | "CAPABILITIES_RES_MESSAGE" packet where the capabilities |
| | count is greater than the total number of items in the |
| | capabilities_res_message array. Note that this requires |
| | an authenticated session. |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Resolution | Asterisk code has been modified to limit the incoming |
| | capabilities count. |
| | |
| | Users with configured Skinny devices should upgrade to |
| | the appropriate version listed in the corrected in |
| | section of this advisory. |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Affected Versions |
|-----------------------------------------------------------------------
-|
| Product | Release | |
| | Series | |
|----------------------------------+-------------+----------------------
-|
| Asterisk Open Source | 1.0.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.10 |
|----------------------------------+-------------+----------------------
-|
| Asterisk Business Edition | A.x.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| Asterisk Business Edition | B.x.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| AsteriskNOW | pre-release | All versions prior to |
| | | beta7 |
|----------------------------------+-------------+----------------------
-|
| Asterisk Appliance Developer Kit | 0.x.x | All versions prior to |
| | | 0.7.0 |
|----------------------------------+-------------+----------------------
-|
| s800i (Asterisk Appliance) | 1.0.x | All versions prior to |
| | | 1.0.3 |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Corrected In |
|-----------------------------------------------------------------------
-|
| Product | Release |
|---------------+-------------------------------------------------------
-|
| Asterisk Open | 1.4.10, available from |
| Source | http://downloads.digium.com/pub/telephony/asterisk |
|---------------+-------------------------------------------------------
-|
| AsteriskNOW | Beta7, available from http://www.asterisknow.org/. |
| | Beta5 and Beta6 users can update using the system |
| | update feature in the appliance control panel. |
|---------------+-------------------------------------------------------
-|
| Asterisk | 0.7.0, available from |
| Appliance | http://downloads.digium.com/pub/telephony/aadk |
| Developer Kit | |
|---------------+-------------------------------------------------------
-|
| s800i | 1.0.3 |
| (Asterisk | |
| Appliance) | |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security. |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and |
| http://downloads.digium.com/pub/asa/ASA-2007-019.html. |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Revision History |
|-----------------------------------------------------------------------
-|
| Date | Editor | Revisions Made |
|--------------------+------------------------+-------------------------
-|
| August 7, 2007 | jparker (at) digium (dot) com [email concealed] | Initial Release |
+-----------------------------------------------------------------------
-+
Asterisk Project Security Advisory - ASA-2007-019
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
+-----------------------------------------------------------------------
-+
| Product | Asterisk |
|--------------------+--------------------------------------------------
-|
| Summary | Remote crash vulnerability in Skinny channel |
| | driver |
|--------------------+--------------------------------------------------
-|
| Nature of Advisory | Denial of Service |
|--------------------+--------------------------------------------------
-|
| Susceptibility | Remote Authenticated Sessions |
|--------------------+--------------------------------------------------
-|
| Severity | Moderate |
|--------------------+--------------------------------------------------
-|
| Exploits Known | No |
|--------------------+--------------------------------------------------
-|
| Reported On | August 7, 2007 |
|--------------------+--------------------------------------------------
-|
| Reported By | Wei Wang of McAfee AVERT Labs |
|--------------------+--------------------------------------------------
-|
| Posted On | August 7, 2007 |
|--------------------+--------------------------------------------------
-|
| Last Updated On | August 7, 2007 |
|--------------------+--------------------------------------------------
-|
| Advisory Contact | Jason Parker <jparker (at) digium (dot) com [email concealed]> |
|--------------------+--------------------------------------------------
-|
| CVE Name | |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Description | The Asterisk Skinny channel driver, chan_skinny, has a |
| | remotely exploitable crash vulnerability. A segfault can |
| | occur when Asterisk receives a |
| | "CAPABILITIES_RES_MESSAGE" packet where the capabilities |
| | count is greater than the total number of items in the |
| | capabilities_res_message array. Note that this requires |
| | an authenticated session. |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Resolution | Asterisk code has been modified to limit the incoming |
| | capabilities count. |
| | |
| | Users with configured Skinny devices should upgrade to |
| | the appropriate version listed in the corrected in |
| | section of this advisory. |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Affected Versions |
|-----------------------------------------------------------------------
-|
| Product | Release | |
| | Series | |
|----------------------------------+-------------+----------------------
-|
| Asterisk Open Source | 1.0.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.10 |
|----------------------------------+-------------+----------------------
-|
| Asterisk Business Edition | A.x.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| Asterisk Business Edition | B.x.x | Not affected |
|----------------------------------+-------------+----------------------
-|
| AsteriskNOW | pre-release | All versions prior to |
| | | beta7 |
|----------------------------------+-------------+----------------------
-|
| Asterisk Appliance Developer Kit | 0.x.x | All versions prior to |
| | | 0.7.0 |
|----------------------------------+-------------+----------------------
-|
| s800i (Asterisk Appliance) | 1.0.x | All versions prior to |
| | | 1.0.3 |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Corrected In |
|-----------------------------------------------------------------------
-|
| Product | Release |
|---------------+-------------------------------------------------------
-|
| Asterisk Open | 1.4.10, available from |
| Source | http://downloads.digium.com/pub/telephony/asterisk |
|---------------+-------------------------------------------------------
-|
| AsteriskNOW | Beta7, available from http://www.asterisknow.org/. |
| | Beta5 and Beta6 users can update using the system |
| | update feature in the appliance control panel. |
|---------------+-------------------------------------------------------
-|
| Asterisk | 0.7.0, available from |
| Appliance | http://downloads.digium.com/pub/telephony/aadk |
| Developer Kit | |
|---------------+-------------------------------------------------------
-|
| s800i | 1.0.3 |
| (Asterisk | |
| Appliance) | |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Links | |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security. |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and |
| http://downloads.digium.com/pub/asa/ASA-2007-019.html. |
+-----------------------------------------------------------------------
-+
+-----------------------------------------------------------------------
-+
| Revision History |
|-----------------------------------------------------------------------
-|
| Date | Editor | Revisions Made |
|--------------------+------------------------+-------------------------
-|
| August 7, 2007 | jparker (at) digium (dot) com [email concealed] | Initial Release |
+-----------------------------------------------------------------------
-+
Asterisk Project Security Advisory - ASA-2007-019
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
[ reply ]