Archive for category Asterisk Security Advisories

Asterisk Security Advisories – AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

Asterisk Project Security Advisory - AST-2011-013

Product Asterisk
Summary Possible remote enumeration of SIP endpoints with differing NAT settings
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On 2011-07-18
Reported By Ben Williams
Posted On
Last Updated On December 8, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name

Asterisk Security Advisories – AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled

Asterisk Project Security Advisory - AST-2011-014

Product Asterisk
Summary Remote crash possibility with SIP and the “automon” feature enabled
Nature of Advisory Remote crash vulnerability in a feature that is disabled by default
Susceptibility Remote unauthenticated sessions
Severity Moderate
Exploits Known Yes
Reported On November 2, 2011
Reported By Kristijan Vrban
Posted On 2011-11-03
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name

Asterisk Security Advisories – AST-2011-011: Possible enumeration of SIP users due to differing authentication responses

Asterisk Project Security Advisory - AST-2011-011

Product Asterisk
Summary Possible enumeration of SIP users due to differing authentication responses
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote unauthenticated sessions
Severity Moderate
Exploits Known No
Reported On June 11, 2011
Reported By
Posted On June 28, 2011
Last Updated On June 28, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name CVE-2011-2536

Asterisk Security Advisory – AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

Product Asterisk
Summary Multiple array overflow and crash vulnerabilities in UDPTL code
Nature of Advisory Exploitable Stack and Heap Array Overflows
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On January 27, 2011
Reported By Matthew Nicholson
Posted On February 21, 2011
Last Updated On February 22, 2011
Advisory Contact Matthew Nicholson <mnicholson@digium.com>
CVE Name
Description When decoding UDPTL packets, multiple stack- and heap-based arrays can be made to overflow by specially crafted packets. Systems configured for T.38 pass-through or termination are vulnerable.

AST-2011-001: Stack buffer overflow in SIP channel driver

Asterisk Project Security Advisory - AST-2011-001

Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 20, 2011
Advisory Contact Matthew Nicholson <mnicholson@digium.com>
CVE Name CVE-2011-0495
Description When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. This vulnerability also affects the URIENCODE dialplan function and, in some versions of Asterisk, the AGI dialplan application as well. The ast_uri_encode function does not properly respect the size of its output buffer and can write past the end of it when encoding URIs.

Asterisk Security Advisory – AST-2010-001: T.38 Remote Crash Vulnerability

Asterisk The Open Source PBX & Telephony Platform

Asterisk Project Security Advisory - AST-2010-001

Product Asterisk
Summary T.38 Remote Crash Vulnerability
Nature of Advisory Denial of Service
Susceptibility Remote unauthenticated sessions
Severity Critical
Exploits Known No
Reported On 12/03/09
Reported By issues.asterisk.org users bklang and elsto
Posted On 02/03/10
Last Updated On February 2, 2010
Advisory Contact David Vossel < dvossel AT digium DOT com >
CVE Name CVE-2010-0441

Asterisk 1.6.0.22, Asterisk 1.6.1.14, Asterisk 1.6.2.2 Released

The Asterisk Development Team has announced security releases for Asterisk as the following versions:

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/

The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix described in security advisory AST-2010-001.

The issue is that an attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash will occur when the FaxMaxDatagram field is omitted from the SDP, as well.

For more information about the details of this vulnerability, please read the security advisory AST-2010-001, which was released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

Security advisory AST-2010-001 is available at:
http://asterisk.net.ru/en/2010/02/03/asterisk-security-advisory-ast-2010-001-t-38-remote-crash-vulnerability/

Thank you for your continued support of Asterisk!

Asterisk Security Advisory – AST-2009-005: Remote Crash Vulnerability in SIP channel driver

On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields.
Note that while this potential vulnerability has existed in Asterisk for a very long time, it is only potentially exploitable in 1.6.1 and above, since those versions are the first that allow SIP packets to exceed 1500 bytes in total; a packet limited to 1500 bytes cannot carry numeric strings large enough to crash Asterisk. (The number strings presented to us by the security researcher were approximately 32,000 bytes long.)

Additionally note that while this can crash Asterisk, execution of arbitrary code is not possible with this vector.

Upgrade Asterisk to one of the releases listed below.

Asterisk Project Security Advisory - AST-2009-005

Product Asterisk
Summary Remote Crash Vulnerability in SIP channel driver
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical in 1.6.1; minor in lesser versions
Exploits Known No
Reported On July 28, 2009
Reported By Nick Baggott < nbaggott AT mudynamics DOT com >
Posted On August 10, 2009
Last Updated On August 10, 2009
Advisory Contact Tilghman Lesher < tlesher AT digium DOT com >
CVE Name CVE-2009-2726

Asterisk 1.2.34, Asterisk 1.4.26.1, Asterisk 1.6.0.13, and Asterisk 1.6.1.4 released

The Asterisk Development Team is pleased to announce the releases of 1.2.34, 1.4.26.1, 1.6.0.13, and 1.6.1.4. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/

The release of 1.6.1.4 fixes a remote crash security vulnerability in the SIP stack. Although this crash was not demonstrated in any other version, the details of the vulnerability suggested the possibility that related attacks might be possible in the future. We therefore opted to release new versions of all current releases with these fixes applied. For more information about the details of this vulnerability, please read the security advisory AST-2009-005, which was released at the same time as this announcement.

In addition, Asterisk users may notice that we skipped the version numbers 1.6.0.11 and 1.6.1.3. This was intentional, in an effort to avoid confusion about what a particular release contains. Both of those version numbers had candidates for releases made, so backtracking on those changes in a release with the same version number might be confusing. Those release candidates will be reissued with additional bugfixes, as 1.6.0.14-rc1 and 1.6.1.5-rc1, respectively.

For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.2.34
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.26.1
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.13
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.4

Thank you for your continued support of Asterisk!

Asterisk Security Advisory – AST-2009-004

Asterisk Project Security Advisory - AST-2009-004

An attacker can cause Asterisk to crash remotely by sending malformed RTP text frames. While the attacker can cause Asterisk to crash, he cannot execute arbitrary remote code with this exploit.
Users should upgrade to a version listed in the “Corrected In” section below.

Product Asterisk
Summary Remote Crash Vulnerability in RTP stack
Nature of Advisory Exploitable Crash
Susceptibility Remote unauthenticated sessions
Severity Critical
Exploits Known No
Reported On July 27, 2009
Reported By Marcus Hunger <hunger AT sipgate DOT de>
Posted On August 2, 2009
Last Updated On August 2, 2009
Advisory Contact Mark Michelson <mmichelson AT digium DOT com>
CVE Name