
Asterisk Security Advisory – AST-2009-005: Remote Crash Vulnerability in SIP channel driver

Asterisk The Open Source PBX & Telephony Platform


On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields.
Note that while this potential vulnerability has existed in Asterisk for a very long time, it is only potentially exploitable in 1.6.1 and above, since those are the first versions that allow SIP packets to exceed 1500 bytes in total; the earlier 1500-byte limit does not permit strings large enough to crash Asterisk. (The number strings presented to us by the security researcher were approximately 32,000 bytes long.)

Additionally note that while this can crash Asterisk, execution of arbitrary code is not possible with this vector.
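The defensive pattern the advisory implies, as an added example that is not Asterisk's code or its actual patch: bound the length of a numeric header field and verify it is all digits before any conversion, so an oversized field is rejected without the scanf family ever touching it. The function name parse_bounded_uint and the MAX_NUMERIC_FIELD_LEN cap are assumptions for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical cap on the digits a numeric SIP header field may carry.
 * This bound is an assumption for the example: legitimate CSeq or
 * Content-Length values never approach it, while numeric strings of
 * the ~32,000-byte size the advisory mentions are rejected before any
 * conversion routine runs. */
#define MAX_NUMERIC_FIELD_LEN 10

/* Parse a non-negative decimal header value without handing an
 * attacker-controlled, unbounded string to the scanf family.
 * Returns true and stores the value in *out on success; returns
 * false, leaving *out untouched, when the field is NULL, empty,
 * longer than MAX_NUMERIC_FIELD_LEN, not all digits, or out of range. */
bool parse_bounded_uint(const char *field, long *out)
{
    size_t len;
    char *end;
    long value;

    if (field == NULL) {
        return false;
    }
    /* Length and character checks run in one pass, so an oversized
     * field costs at most MAX_NUMERIC_FIELD_LEN + 1 byte reads and
     * allocates nothing, however long the sender made it. */
    for (len = 0; field[len] != '\0'; len++) {
        if (len >= MAX_NUMERIC_FIELD_LEN) {
            return false;
        }
        if (!isdigit((unsigned char)field[len])) {
            return false;
        }
    }
    if (len == 0) {
        return false;
    }
    /* strtol converts in place with no intermediate buffer; ERANGE
     * catches values that overflow long on narrow platforms. */
    errno = 0;
    value = strtol(field, &end, 10);
    if (errno == ERANGE || *end != '\0') {
        return false;
    }
    *out = value;
    return true;
}
```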

Upgrade Asterisk to one of the releases listed below.

Asterisk Project Security Advisory AST-2009-005

Product: Asterisk
Summary: Remote Crash Vulnerability in SIP channel driver
Nature of Advisory: Denial of Service
Susceptibility: Remote Unauthenticated Sessions
Severity: Critical in 1.6.1; minor in lesser versions
Exploits Known: No
Reported On: July 28, 2009
Reported By: Nick Baggott < nbaggott AT mudynamics DOT com >
Posted On: August 10, 2009
Last Updated On: August 10, 2009
Advisory Contact: Tilghman Lesher < tlesher AT digium DOT com >
CVE Name: CVE-2009-2726


Asterisk 1.2.34, Asterisk 1.4.26.1, Asterisk 1.6.0.13, and Asterisk 1.6.1.4 released


The Asterisk Development Team is pleased to announce the releases of 1.2.34, 1.4.26.1, 1.6.0.13, and 1.6.1.4. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/

The release of 1.6.1.4 fixes a remote crash security vulnerability in the SIP stack. Although this crash was not demonstrated in any other version, the details of the vulnerability suggested the possibility that related attacks might be possible in the future. We therefore opted to release new versions of all current releases with these fixes applied. For more information about the details of this vulnerability, please read the security advisory AST-2009-005, which was released at the same time as this announcement.

In addition, Asterisk users may notice that we skipped the version numbers 1.6.0.11 and 1.6.1.3. This was intentional, in an effort to avoid confusion about what a particular release contains. Release candidates had already been made under both of those version numbers, so backtracking on those changes in a release with the same version number might be confusing. Those release candidates will be reissued with additional bugfixes, as 1.6.0.14-rc1 and 1.6.1.5-rc1, respectively.

For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.2.34
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.26.1
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.0.13
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.4

Thank you for your continued support of Asterisk!
