Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnwatch: AST-2008-001: Crash from transfer using BYE with Also header

AST-2008-001: Crash from transfer using BYE with Also header

From: Asterisk Security Team <security_at_asterisk.org>
Date: Wed, 02 Jan 2008 17:57:55 -0400

                Asterisk Project Security Advisory - AST-2008-001

    +------------------------------------------------------------------------+
    | Product | Asterisk |
    |---------------------+--------------------------------------------------|
    | Summary | Remote Crash Vulnerability in SIP channel driver |
    |---------------------+--------------------------------------------------|
    | Nature of Advisory | Denial of Service |
    |---------------------+--------------------------------------------------|
    | Susceptibility | Remote Unauthenticated Sessions |
    |---------------------+--------------------------------------------------|
    | Severity | Critical |
    |---------------------+--------------------------------------------------|
    | Exploits Known | No |
    |---------------------+--------------------------------------------------|
    | Reported On | December 26, 2007 |
    |---------------------+--------------------------------------------------|
    | Reported By | Grey VoIP (bugs.digium.com user greyvoip) |
    |---------------------+--------------------------------------------------|
    | Posted On | January 2, 2008 |
    |---------------------+--------------------------------------------------|
    | Last Updated On | January 2, 2008 |
    |---------------------+--------------------------------------------------|
    | Advisory Contact | Joshua Colp <jcolp_at_digium.com> |
    |---------------------+--------------------------------------------------|
    | CVE Name | |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Description | The handling of the BYE with Also transfer method was |
    | | broken during the development of Asterisk 1.4. If a |
    | | transfer attempt is made using this method the system |
    | | will immediately crash upon handling the BYE message due |
    | | to trying to copy data into a NULL pointer. It is |
    | | important to note that a dialog must have already been |
    | | established and up in order for this to happen. |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Resolution | A fix has been added so that the BYE with Also transfer |
    | | method now properly allocates and uses the transfer data |
    | | structure. It will no longer try to copy data into a NULL |
    | | pointer and will operate properly. |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Affected Versions |
    |------------------------------------------------------------------------|
    | Product | Release | |
    | | Series | |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Open Source | 1.0.x | Unaffected |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Open Source | 1.2.x | Unaffected |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Open Source | 1.4.x | All versions prior to |
    | | | 1.4.17 |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Business Edition | A.x.x | Unaffected |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Business Edition | B.x.x | Unaffected |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Business Edition | C.x.x | All versions prior to |
    | | | C.1.0-beta8 |
    |----------------------------+-------------+-----------------------------|
    | AsteriskNOW | pre-release | All versions prior to beta7 |
    |----------------------------+-------------+-----------------------------|
    | Asterisk Appliance | SVN | All versions prior to |
    | Developer Kit | | Asterisk 1.4 revision 95946 |
    |----------------------------+-------------+-----------------------------|
    | s800i (Asterisk Appliance) | 1.0.x | All versions prior to |
    | | | 1.0.3.4 |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Corrected In |
    |------------------------------------------------------------------------|
    | Product | Release |
    |---------------+--------------------------------------------------------|
    | Asterisk Open | 1.4.17, available from |
    | Source | http://downloads.digium.com/pub/telephony/asterisk |
    |---------------+--------------------------------------------------------|
    | Asterisk | C.1.0 |
    | Business | |
    | Edition | |
    |---------------+--------------------------------------------------------|
    | AsteriskNOW | Beta7, available from http://www.asterisknow.org/. |
    | | |
    | | Beta5 and Beta6 users can update using the system |
    | | update feature in the appliance control panel. |
    |---------------+--------------------------------------------------------|
    | Asterisk | Asterisk 1.4 revision 95946. Available by performing |
    | Appliance | an svn update of the AADK tree. |
    | Developer Kit | |
    |---------------+--------------------------------------------------------|
    | s800i | 1.0.3.4 |
    | (Asterisk | |
    | Appliance) | |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Links | http://bugs.digium.com/view.php?id=11637 |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Asterisk Project Security Advisories are posted at |
    | http://www.asterisk.org/security |
    | |
    | This document may be superseded by later versions; if so, the latest |
    | version will be posted at |
    | http://downloads.digium.com/pub/security/AST-2008-001.pdf and |
    | http://downloads.digium.com/pub/security/AST-2008-001.html |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    | Revision History |
    |------------------------------------------------------------------------|
    | Date | Editor | Revisions Made |
    |------------------+--------------------+--------------------------------|
    | 2008-01-02 | Joshua Colp | Initial Release |
    +------------------------------------------------------------------------+

                Asterisk Project Security Advisory - AST-2008-001
               Copyright (c) 2007 Digium, Inc. All Rights Reserved.
   Permission is hereby granted to distribute and publish this advisory in its
                            original, unaltered form.
Received on Jan 03 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]