AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode Jun 03 2008 07:53PM
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2008-008

+-----------------------------------------------------------------------
-+
| Product | Asterisk |
|--------------------+--------------------------------------------------
-|
| Summary | Remote Crash Vulnerability in SIP channel driver |
| | when run in pedantic mode |
|--------------------+--------------------------------------------------
-|
| Nature of Advisory | Denial of Service |
|--------------------+--------------------------------------------------
-|
| Susceptibility | Remote Unauthenticated Sessions |
|--------------------+--------------------------------------------------
-|
| Severity | Critical |
|--------------------+--------------------------------------------------
-|
| Exploits Known | No |
|--------------------+--------------------------------------------------
-|
| Reported On | May 8, 2008 |
|--------------------+--------------------------------------------------
-|
| Reported By | Hooi Ng (bugs.digium.com user hooi) |
|--------------------+--------------------------------------------------
-|
| Posted On | May 8, 2008 |
|--------------------+--------------------------------------------------
-|
| Last Updated On | June 3, 2008 |
|--------------------+--------------------------------------------------
-|
| Advisory Contact | Joshua Colp <jcolp (at) digium (dot) com [email concealed]> |
|--------------------+--------------------------------------------------
-|
| CVE Name | CVE-2008-2119 |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Description | During pedantic SIP processing the From header value is |
| | passed to the ast_uri_decode function to be decoded. In |
| | two instances it is possible for the code to cause a |
| | crash as the From header value is not checked to be |
| | non-NULL before being passed to the function. |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Resolution | The From header value is now copied into a buffer before |
| | being passed to the ast_uri_decode function if pedantic |
| | is enabled and in another instance it is checked to be |
| | non-NULL before being passed. |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Affected Versions |
|-----------------------------------------------------------------------
-|
| Product | Release | |
| | Series | |
|-------------------------------+------------+--------------------------
-|
| Asterisk Open Source | 1.0.x | All versions |
|-------------------------------+------------+--------------------------
-|
| Asterisk Open Source | 1.2.x | All versions prior to |
| | | 1.2.29 |
|-------------------------------+------------+--------------------------
-|
| Asterisk Open Source | 1.4.x | Not Affected |
|-------------------------------+------------+--------------------------
-|
| Asterisk Business Edition | A.x.x | All versions |
|-------------------------------+------------+--------------------------
-|
| Asterisk Business Edition | B.x.x | All versions prior to |
| | | B.2.5.3 |
|-------------------------------+------------+--------------------------
-|
| Asterisk Business Edition | C.x.x | Not Affected |
|-------------------------------+------------+--------------------------
-|
| AsteriskNOW | 1.0.x | Not Affected |
|-------------------------------+------------+--------------------------
-|
| Asterisk Appliance Developer | 0.x.x | Not Affected |
| Kit | | |
|-------------------------------+------------+--------------------------
-|
| s800i (Asterisk Appliance) | 1.0.x | Not Affected |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Corrected In |
|-----------------------------------------------------------------------
-|
| Product | Release |
|---------------+-------------------------------------------------------
-|
| Asterisk Open | 1.2.29, available from |
| Source | http://downloads.digium.com/pub/telephony/asterisk |
|---------------+-------------------------------------------------------
-|
| Asterisk | B.2.5.3 |
| Business | |
| Edition | |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Links | http://bugs.digium.com/view.php?id=12607 |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2008-008.pdf and |
| http://downloads.digium.com/pub/security/AST-2008-008.html |
+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Revision History |
|-----------------------------------------------------------------------
-|
| Date | Editor | Revisions Made |
|------------------+--------------------+-------------------------------
-|
| 2008-06-03 | Joshua Colp | Initial Release |
+-----------------------------------------------------------------------
-+

Asterisk Project Security Advisory - AST-2008-008
Copyright (c) 2008 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus