Mandriva Linux Security Advisory 2013-140 - The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by reading additional text in a 403 observing whether certain retransmissions occur. Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol header. main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976. The updated packages have upgraded to the 11.2.2 version which is not vulnerable to these issues
7fd98ec50c85814f6a4366bef4a58e953ba2ef0b56f816f8b5579a10f25a8d66-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:140
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : asterisk
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerablilities was identified and fixed in asterisk:
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2,
10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk
1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x
before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before
10.12.2-digiumphones exhibits different behavior for invalid INVITE,
SUBSCRIBE, and REGISTER transactions depending on whether the user
account exists, which allows remote attackers to enumerate account
names by (1) reading HTTP status codes, (2) reading additional text
in a 403 (aka Forbidden) response, or (3) observing whether certain
retransmissions occur (CVE-2013-2264).
Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk
Open Source 11.x before 11.2.2 allows remote attackers to execute
arbitrary code via a long sprop-parameter-sets H.264 media attribute
in a SIP Session Description Protocol (SDP) header (CVE-2013-2685).
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before
1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified
Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones
10.x-digiumphones before 10.12.2-digiumphones does not properly
restrict Content-Length values, which allows remote attackers to
conduct stack-consumption attacks and cause a denial of service (daemon
crash) via a crafted HTTP POST request. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2012-5976 (CVE-2013-2686).
The updated packages have upgraded to the 11.2.2 version which is
not vulnerable to these issues
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
a54f9c52287911d3009b9a4a63b0d9b5 mbs1/x86_64/asterisk-11.2.2-1.mbs1.x86_64.rpm
bcb912383884c79bb03fff129c5e73a2 mbs1/x86_64/asterisk-addons-11.2.2-1.mbs1.x86_64.rpm
df3e731ab622828d3fc24ce2d6d8ff05 mbs1/x86_64/asterisk-devel-11.2.2-1.mbs1.x86_64.rpm
6f50863ffe38eb34af0c815d1f72ed8e mbs1/x86_64/asterisk-firmware-11.2.2-1.mbs1.x86_64.rpm
c9e37bd25faa73c7db9a80add5f4c41a mbs1/x86_64/asterisk-plugins-alsa-11.2.2-1.mbs1.x86_64.rpm
4ca4658e6c0789c9b1a8d08a35508127 mbs1/x86_64/asterisk-plugins-calendar-11.2.2-1.mbs1.x86_64.rpm
0422472f189ed9cc7b321d6aa545d083 mbs1/x86_64/asterisk-plugins-cel-11.2.2-1.mbs1.x86_64.rpm
7120a68c9917f2089bcc0573e61814af mbs1/x86_64/asterisk-plugins-corosync-11.2.2-1.mbs1.x86_64.rpm
229099ec3eb0ec8c9a158cd12b3c7381 mbs1/x86_64/asterisk-plugins-curl-11.2.2-1.mbs1.x86_64.rpm
0df35ef09a290759c86d2f83dc493317 mbs1/x86_64/asterisk-plugins-dahdi-11.2.2-1.mbs1.x86_64.rpm
fca23ba0184fca97687de135bc6db938 mbs1/x86_64/asterisk-plugins-fax-11.2.2-1.mbs1.x86_64.rpm
e8ef64d157e89569a24642df5ecd218d mbs1/x86_64/asterisk-plugins-festival-11.2.2-1.mbs1.x86_64.rpm
dae0d37e87a647e9dcf7c103b2d75936 mbs1/x86_64/asterisk-plugins-ices-11.2.2-1.mbs1.x86_64.rpm
6003a92d49063d384f64557102de45a0 mbs1/x86_64/asterisk-plugins-jabber-11.2.2-1.mbs1.x86_64.rpm
7f24a0975072b8267514594124c59ab9 mbs1/x86_64/asterisk-plugins-jack-11.2.2-1.mbs1.x86_64.rpm
18c95e28ed7e2030296f89a228bb3866 mbs1/x86_64/asterisk-plugins-ldap-11.2.2-1.mbs1.x86_64.rpm
74d80afb084ae84a1d03df32fa150eeb mbs1/x86_64/asterisk-plugins-lua-11.2.2-1.mbs1.x86_64.rpm
34b054b98623abbef21308ff2ae9ce8e mbs1/x86_64/asterisk-plugins-minivm-11.2.2-1.mbs1.x86_64.rpm
3f5ec5d48595ce72b732e7041a221e5e mbs1/x86_64/asterisk-plugins-mobile-11.2.2-1.mbs1.x86_64.rpm
c8dd361926bbf937381f38dd52b2c033 mbs1/x86_64/asterisk-plugins-mp3-11.2.2-1.mbs1.x86_64.rpm
18a3412d113e67bf89a1c7ccde2d6580 mbs1/x86_64/asterisk-plugins-mysql-11.2.2-1.mbs1.x86_64.rpm
73fa8038d86571a80a5bce4811a98186 mbs1/x86_64/asterisk-plugins-ooh323-11.2.2-1.mbs1.x86_64.rpm
825402b29cfba17e1927e732d9d5ec58 mbs1/x86_64/asterisk-plugins-osp-11.2.2-1.mbs1.x86_64.rpm
0c324752f143577ab5ec722519c92144 mbs1/x86_64/asterisk-plugins-oss-11.2.2-1.mbs1.x86_64.rpm
1ebf4f1ac970416960f0fe3507d94d40 mbs1/x86_64/asterisk-plugins-pgsql-11.2.2-1.mbs1.x86_64.rpm
17d23d345b78b40f91ac28ccf4adbcd6 mbs1/x86_64/asterisk-plugins-pktccops-11.2.2-1.mbs1.x86_64.rpm
548eb2863e0d867a2b6e2c40318ec435 mbs1/x86_64/asterisk-plugins-portaudio-11.2.2-1.mbs1.x86_64.rpm
cb48575342032fcfd0a5a65a6ad2623f mbs1/x86_64/asterisk-plugins-radius-11.2.2-1.mbs1.x86_64.rpm
400248688a8f1d52971bfb4699e369b0 mbs1/x86_64/asterisk-plugins-saycountpl-11.2.2-1.mbs1.x86_64.rpm
07bcb252b9149c9fc9a649313ae37537 mbs1/x86_64/asterisk-plugins-skinny-11.2.2-1.mbs1.x86_64.rpm
5bdaeac4b6f9b137407c3de3ddf2b689 mbs1/x86_64/asterisk-plugins-snmp-11.2.2-1.mbs1.x86_64.rpm
e5a514d2bb105e1d6dfc97a8cdb88d2c mbs1/x86_64/asterisk-plugins-speex-11.2.2-1.mbs1.x86_64.rpm
90bb6435b54c96d12a81a5545e77f8bd mbs1/x86_64/asterisk-plugins-sqlite-11.2.2-1.mbs1.x86_64.rpm
2f74005d5ce692d239ea34513c40acaa mbs1/x86_64/asterisk-plugins-tds-11.2.2-1.mbs1.x86_64.rpm
4fdef5ff76eb88108fb0a8db7dcc78be mbs1/x86_64/asterisk-plugins-unistim-11.2.2-1.mbs1.x86_64.rpm
5c713b0ade322da6da36502bbc54934a mbs1/x86_64/asterisk-plugins-voicemail-11.2.2-1.mbs1.x86_64.rpm
ef051b35a2cda8e1d7cbe09681b24d28 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.2.2-1.mbs1.x86_64.rpm
94bc9b4c92f2021240fead1b63a7708d mbs1/x86_64/asterisk-plugins-voicemail-plain-11.2.2-1.mbs1.x86_64.rpm
49a4eddca35fa01f473ede3103700470 mbs1/x86_64/lib64asteriskssl1-11.2.2-1.mbs1.x86_64.rpm
ae5eddf71c3f1964a07635ab0a3e23a5 mbs1/SRPMS/asterisk-11.2.2-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFRZWZmmqjQ0CJFipgRArhsAKC9fNsHR3BYRvvUFe7zjg6hBLGQHwCgj2Ip
0y7HyM54ytz3xd14ULzXIVo=
=9w8B
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed