Mandriva Linux Security Advisory 2013-140

Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-140 - The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur. Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol header. main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976. The updated packages have been upgraded to version 11.2.2, which is not vulnerable to these issues.

tags | advisory, remote, web, denial of service, overflow, arbitrary, protocol
systems | linux, mandriva
advisories | CVE-2013-2264, CVE-2013-2685, CVE-2013-2686
MD5 | 27472f01b8e037ac5caa26399490b8b2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:140
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities were identified and fixed in asterisk:

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2,
10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk
1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x
before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before
10.12.2-digiumphones exhibits different behavior for invalid INVITE,
SUBSCRIBE, and REGISTER transactions depending on whether the user
account exists, which allows remote attackers to enumerate account
names by (1) reading HTTP status codes, (2) reading additional text
in a 403 (aka Forbidden) response, or (3) observing whether certain
retransmissions occur (CVE-2013-2264).
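
The oracle behind CVE-2013-2264, modelled as an added example (this is not Asterisk code; the account table, response strings and function names are assumptions). `respond_leaky` answers differently depending on whether the user exists, `respond_uniform` folds the existence check into the credential check so every rejection is byte-identical, and `distinguishable` is the attacker's test: probe two usernames with the same bogus credentials and see whether the replies differ.

```c
/* Added example, not Asterisk code: models the account-enumeration oracle
 * of CVE-2013-2264 and the uniform-response behaviour that closes it.
 * The account table, response strings and function names are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct account {
    const char *user;
    const char *password;
};

/* Constructed sample peer table standing in for sip.conf entries. */
static const struct account ACCOUNTS[] = {
    { "1001", "s3cret" },
    { "1002", "hunter2" },
};

static const struct account *lookup(const char *user)
{
    size_t i;
    for (i = 0; i < sizeof(ACCOUNTS) / sizeof(ACCOUNTS[0]); i++) {
        if (strcmp(ACCOUNTS[i].user, user) == 0)
            return &ACCOUNTS[i];
    }
    return NULL;
}

/* Nonce is fixed only for the demo; a real challenge uses a fresh one. */
#define CHALLENGE "SIP/2.0 401 Unauthorized\r\n" \
                  "WWW-Authenticate: Digest realm=\"asterisk\", nonce=\"demo\"\r\n\r\n"

/* Leaky pattern: both the status code and the reason text depend on whether
 * the user exists, so an attacker with no valid credentials can tell a
 * provisioned extension from a random one. */
int respond_leaky(const char *user, const char *password, char *out, size_t outlen)
{
    const struct account *a = lookup(user);
    if (!a) {
        snprintf(out, outlen, "SIP/2.0 404 Not Found\r\n\r\n");
        return 404;
    }
    if (!password) {
        snprintf(out, outlen, CHALLENGE);
        return 401;
    }
    if (strcmp(a->password, password) != 0) {
        /* extra text after the reason phrase also betrays that the user exists */
        snprintf(out, outlen, "SIP/2.0 403 Forbidden (Bad auth)\r\n\r\n");
        return 403;
    }
    snprintf(out, outlen, "SIP/2.0 200 OK\r\n\r\n");
    return 200;
}

/* Uniform pattern: existence is consulted only inside the credential check
 * and every rejection path emits identical bytes, so an unknown user and a
 * known user with a wrong password look the same on the wire. (The
 * retransmission channel the advisory also names means the server's timers
 * must be equalised too; this model covers response bytes only.) */
int respond_uniform(const char *user, const char *password, char *out, size_t outlen)
{
    const struct account *a = lookup(user);
    if (!password) {
        snprintf(out, outlen, CHALLENGE);
        return 401;
    }
    if (a && strcmp(a->password, password) == 0) {
        snprintf(out, outlen, "SIP/2.0 200 OK\r\n\r\n");
        return 200;
    }
    snprintf(out, outlen, "SIP/2.0 403 Forbidden\r\n\r\n");
    return 403;
}

typedef int (*responder_fn)(const char *, const char *, char *, size_t);

int status_of(responder_fn respond, const char *user, const char *password)
{
    char buf[256];
    return respond(user, password, buf, sizeof(buf));
}

/* The attacker's oracle: same credentials, two usernames, do the replies differ? */
bool distinguishable(responder_fn respond, const char *user_a, const char *user_b,
                     const char *password)
{
    char ra[256], rb[256];
    int ca = respond(user_a, password, ra, sizeof(ra));
    int cb = respond(user_b, password, rb, sizeof(rb));
    return ca != cb || strcmp(ra, rb) != 0;
}

int main(void)
{
    const char *probes[] = { NULL, "guess" };
    size_t i;
    for (i = 0; i < 2; i++) {
        printf("password=%-6s leaky: %-7s uniform: %s\n",
               probes[i] ? probes[i] : "(none)",
               distinguishable(respond_leaky, "1001", "9999", probes[i]) ? "leaks" : "uniform",
               distinguishable(respond_uniform, "1001", "9999", probes[i]) ? "leaks" : "uniform");
    }
    return 0;
}
```

Only a caller holding the real password still gets a different answer from `respond_uniform`, which is the intended behaviour; the check to run against a patched PBX is that an unknown extension and a known extension with a wrong password produce the same response, and the same retransmission pattern, for INVITE, SUBSCRIBE and REGISTER alike.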

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk
Open Source 11.x before 11.2.2 allows remote attackers to execute
arbitrary code via a long sprop-parameter-sets H.264 media attribute
in a SIP Session Description Protocol (SDP) header (CVE-2013-2685).
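
A bounded parser for the sprop-parameter-sets value of an SDP fmtp line, as an added example beside the pattern that produces a stack overflow of the kind described above. This is not the res_format_attr_h264.c source; the buffer size SPS_MAX, the function names and the sample fmtp lines are assumptions. The unbounded version uses an unlimited `%[^;]` conversion, so a value longer than the on-stack buffer is copied straight past its end; the bounded version measures the value first, refuses anything that would not fit rather than truncating it, and checks the base64-plus-comma alphabet the attribute is defined to carry.

```c
/* Added example, not Asterisk code: bounded parsing of sprop-parameter-sets
 * next to the overflow pattern of CVE-2013-2685. SPS_MAX and all names are
 * assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SPS_MAX 128                       /* assumed size of the on-stack buffer */
static const char SPROP_KEY[] = "sprop-parameter-sets=";

/* Vulnerable pattern: "%[^;]" has no field width, so sscanf copies the
 * attacker-chosen value into sps until it meets ';' or the end of the string,
 * writing past the 128-byte buffer for any longer value. Kept only for
 * comparison; never call it with untrusted input. */
int parse_sprop_unbounded(const char *fmtp)
{
    char sps[SPS_MAX];
    const char *p = strstr(fmtp, SPROP_KEY);
    if (!p)
        return 0;
    return sscanf(p, "sprop-parameter-sets=%[^;]", sps) == 1;
}

/* The value is base64-encoded NAL units separated by commas. */
static int valid_sprop_char(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '=' || c == ',';
}

/* Hardened version: measure, reject what does not fit (truncating would
 * silently hand the codec a corrupt parameter set), copy with an explicit
 * bound, validate the alphabet.
 * Returns 1 on success, 0 if the attribute is absent, -1 if rejected. */
int parse_sprop_bounded(const char *fmtp, char *sps, size_t spslen)
{
    const char *p = strstr(fmtp, SPROP_KEY);
    size_t n, i;
    if (!p)
        return 0;
    p += sizeof(SPROP_KEY) - 1;
    n = strcspn(p, ";");                  /* value runs to the next ';' or end */
    if (n == 0 || n >= spslen)
        return -1;
    for (i = 0; i < n; i++) {
        if (!valid_sprop_char(p[i]))
            return -1;
    }
    memcpy(sps, p, n);
    sps[n] = '\0';
    return 1;
}

/* Parse into a local buffer; return the accepted length, or the error code. */
int sprop_probe(const char *fmtp)
{
    char sps[SPS_MAX];
    int r = parse_sprop_bounded(fmtp, sps, sizeof(sps));
    return r == 1 ? (int)strlen(sps) : r;
}

/* Build a constructed fmtp line whose value is value_len 'A's and probe it. */
int oversized_probe(size_t value_len)
{
    size_t head = sizeof(SPROP_KEY) - 1;
    char *line = malloc(head + value_len + 1);
    int r;
    if (!line)
        return -2;
    memcpy(line, SPROP_KEY, head);
    memset(line + head, 'A', value_len);
    line[head + value_len] = '\0';
    r = sprop_probe(line);
    free(line);
    return r;
}

int main(void)
{
    /* Constructed fmtp line with a normal-sized value. */
    const char *ok = "a=fmtp:99 profile-level-id=42e01e;packetization-mode=1;"
                     "sprop-parameter-sets=Z0IAH5WoFAFuQA==,aM48gA==";
    printf("normal value:    %d bytes accepted\n", sprop_probe(ok));
    printf("%d-byte value:  %d (reject)\n", SPS_MAX + 500, oversized_probe(SPS_MAX + 500));
    printf("unbounded parser on the normal line only: %d\n", parse_sprop_unbounded(ok));
    return 0;
}
```

The rejection threshold is `n >= spslen`, not `n > spslen`, because the terminator needs a byte too; an off-by-one here turns the bounded version back into a one-byte overflow.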

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before
1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified
Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones
10.x-digiumphones before 10.12.2-digiumphones does not properly
restrict Content-Length values, which allows remote attackers to
conduct stack-consumption attacks and cause a denial of service (daemon
crash) via a crafted HTTP POST request. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2012-5976 (CVE-2013-2686).
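
The Content-Length handling pattern behind CVE-2013-2686, as an added example (not the main/http.c source; MAX_POST_BODY and all names are assumptions). The unbounded reader sizes a stack array straight from the header, so a request announcing a body of hundreds of megabytes exhausts the stack before a single body byte arrives. The bounded version parses the header strictly, caps it, and allocates the validated size on the heap. The note above about an incorrect earlier fix is the reason the validation lives in its own function: it has to be applied on every path that turns the header into an allocation, not in one caller.

```c
/* Added example, not Asterisk code: the Content-Length pattern behind
 * CVE-2013-2686 next to a bounded heap-based reader. MAX_POST_BODY and all
 * names are assumptions for illustration. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_POST_BODY 1024                /* assumed policy limit for POST bodies */

/* Vulnerable pattern: a variable-length stack array (alloca has the same
 * problem) sized directly from the header. No sign check, no upper bound:
 * a huge value exhausts the stack and crashes the daemon. Kept only for
 * comparison; never call it with untrusted input. */
int read_body_unbounded(const char *content_length, const char *wire, size_t wirelen)
{
    long len = atol(content_length);
    char body[len > 0 ? len : 1];
    size_t n = wirelen < (size_t)len ? wirelen : (size_t)len;
    memcpy(body, wire, n);
    return (int)n;
}

/* Strict parse: decimal digits only, no sign, no leading space, no trailing
 * junk, at most MAX_POST_BODY. Returns 0 and sets *out, or -1. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long v;
    if (!value || *value < '0' || *value > '9')
        return -1;                        /* also rejects "", "-1", " 5" */
    errno = 0;
    v = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                        /* overflow or "12abc" */
    if (v > MAX_POST_BODY)
        return -1;                        /* caller answers 413 */
    *out = (size_t)v;
    return 0;
}

/* Bounded reader: validate first, then allocate exactly the validated size on
 * the heap and copy at most that many bytes. A real server would wait for the
 * rest of a short body; here wire is all we have. Returns bytes read or -1. */
int read_body_bounded(const char *content_length, const char *wire, size_t wirelen,
                      char **body_out)
{
    size_t len, n;
    char *body;
    *body_out = NULL;
    if (parse_content_length(content_length, &len) != 0)
        return -1;
    body = malloc(len + 1);
    if (!body)
        return -1;
    n = wirelen < len ? wirelen : len;
    memcpy(body, wire, n);
    body[n] = '\0';
    *body_out = body;
    return (int)n;
}

/* Helpers returning plain values so the behaviour can be checked directly. */
long content_length_probe(const char *value)
{
    size_t len;
    return parse_content_length(value, &len) == 0 ? (long)len : -1;
}

int body_probe(const char *content_length, const char *wire)
{
    char *body = NULL;
    int n = read_body_bounded(content_length, wire, strlen(wire), &body);
    free(body);
    return n;
}

int main(void)
{
    /* Constructed header values: one legitimate, the rest hostile or malformed. */
    const char *values[] = { "5", "1024", "1025", "2147483647", "-1", "12abc", "" };
    size_t i;
    for (i = 0; i < sizeof(values) / sizeof(values[0]); i++)
        printf("Content-Length: %-12s -> %ld\n", values[i], content_length_probe(values[i]));
    printf("body for \"5\" over \"hello world\": %d bytes\n", body_probe("5", "hello world"));
    return 0;
}
```

Rejecting rather than clamping matters: a clamped length would read a truncated body and hand the handler silently corrupted data, while a rejection surfaces the hostile request in the access log.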

The updated packages have been upgraded to version 11.2.2, which is
not vulnerable to these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
a54f9c52287911d3009b9a4a63b0d9b5 mbs1/x86_64/asterisk-11.2.2-1.mbs1.x86_64.rpm
bcb912383884c79bb03fff129c5e73a2 mbs1/x86_64/asterisk-addons-11.2.2-1.mbs1.x86_64.rpm
df3e731ab622828d3fc24ce2d6d8ff05 mbs1/x86_64/asterisk-devel-11.2.2-1.mbs1.x86_64.rpm
6f50863ffe38eb34af0c815d1f72ed8e mbs1/x86_64/asterisk-firmware-11.2.2-1.mbs1.x86_64.rpm
c9e37bd25faa73c7db9a80add5f4c41a mbs1/x86_64/asterisk-plugins-alsa-11.2.2-1.mbs1.x86_64.rpm
4ca4658e6c0789c9b1a8d08a35508127 mbs1/x86_64/asterisk-plugins-calendar-11.2.2-1.mbs1.x86_64.rpm
0422472f189ed9cc7b321d6aa545d083 mbs1/x86_64/asterisk-plugins-cel-11.2.2-1.mbs1.x86_64.rpm
7120a68c9917f2089bcc0573e61814af mbs1/x86_64/asterisk-plugins-corosync-11.2.2-1.mbs1.x86_64.rpm
229099ec3eb0ec8c9a158cd12b3c7381 mbs1/x86_64/asterisk-plugins-curl-11.2.2-1.mbs1.x86_64.rpm
0df35ef09a290759c86d2f83dc493317 mbs1/x86_64/asterisk-plugins-dahdi-11.2.2-1.mbs1.x86_64.rpm
fca23ba0184fca97687de135bc6db938 mbs1/x86_64/asterisk-plugins-fax-11.2.2-1.mbs1.x86_64.rpm
e8ef64d157e89569a24642df5ecd218d mbs1/x86_64/asterisk-plugins-festival-11.2.2-1.mbs1.x86_64.rpm
dae0d37e87a647e9dcf7c103b2d75936 mbs1/x86_64/asterisk-plugins-ices-11.2.2-1.mbs1.x86_64.rpm
6003a92d49063d384f64557102de45a0 mbs1/x86_64/asterisk-plugins-jabber-11.2.2-1.mbs1.x86_64.rpm
7f24a0975072b8267514594124c59ab9 mbs1/x86_64/asterisk-plugins-jack-11.2.2-1.mbs1.x86_64.rpm
18c95e28ed7e2030296f89a228bb3866 mbs1/x86_64/asterisk-plugins-ldap-11.2.2-1.mbs1.x86_64.rpm
74d80afb084ae84a1d03df32fa150eeb mbs1/x86_64/asterisk-plugins-lua-11.2.2-1.mbs1.x86_64.rpm
34b054b98623abbef21308ff2ae9ce8e mbs1/x86_64/asterisk-plugins-minivm-11.2.2-1.mbs1.x86_64.rpm
3f5ec5d48595ce72b732e7041a221e5e mbs1/x86_64/asterisk-plugins-mobile-11.2.2-1.mbs1.x86_64.rpm
c8dd361926bbf937381f38dd52b2c033 mbs1/x86_64/asterisk-plugins-mp3-11.2.2-1.mbs1.x86_64.rpm
18a3412d113e67bf89a1c7ccde2d6580 mbs1/x86_64/asterisk-plugins-mysql-11.2.2-1.mbs1.x86_64.rpm
73fa8038d86571a80a5bce4811a98186 mbs1/x86_64/asterisk-plugins-ooh323-11.2.2-1.mbs1.x86_64.rpm
825402b29cfba17e1927e732d9d5ec58 mbs1/x86_64/asterisk-plugins-osp-11.2.2-1.mbs1.x86_64.rpm
0c324752f143577ab5ec722519c92144 mbs1/x86_64/asterisk-plugins-oss-11.2.2-1.mbs1.x86_64.rpm
1ebf4f1ac970416960f0fe3507d94d40 mbs1/x86_64/asterisk-plugins-pgsql-11.2.2-1.mbs1.x86_64.rpm
17d23d345b78b40f91ac28ccf4adbcd6 mbs1/x86_64/asterisk-plugins-pktccops-11.2.2-1.mbs1.x86_64.rpm
548eb2863e0d867a2b6e2c40318ec435 mbs1/x86_64/asterisk-plugins-portaudio-11.2.2-1.mbs1.x86_64.rpm
cb48575342032fcfd0a5a65a6ad2623f mbs1/x86_64/asterisk-plugins-radius-11.2.2-1.mbs1.x86_64.rpm
400248688a8f1d52971bfb4699e369b0 mbs1/x86_64/asterisk-plugins-saycountpl-11.2.2-1.mbs1.x86_64.rpm
07bcb252b9149c9fc9a649313ae37537 mbs1/x86_64/asterisk-plugins-skinny-11.2.2-1.mbs1.x86_64.rpm
5bdaeac4b6f9b137407c3de3ddf2b689 mbs1/x86_64/asterisk-plugins-snmp-11.2.2-1.mbs1.x86_64.rpm
e5a514d2bb105e1d6dfc97a8cdb88d2c mbs1/x86_64/asterisk-plugins-speex-11.2.2-1.mbs1.x86_64.rpm
90bb6435b54c96d12a81a5545e77f8bd mbs1/x86_64/asterisk-plugins-sqlite-11.2.2-1.mbs1.x86_64.rpm
2f74005d5ce692d239ea34513c40acaa mbs1/x86_64/asterisk-plugins-tds-11.2.2-1.mbs1.x86_64.rpm
4fdef5ff76eb88108fb0a8db7dcc78be mbs1/x86_64/asterisk-plugins-unistim-11.2.2-1.mbs1.x86_64.rpm
5c713b0ade322da6da36502bbc54934a mbs1/x86_64/asterisk-plugins-voicemail-11.2.2-1.mbs1.x86_64.rpm
ef051b35a2cda8e1d7cbe09681b24d28 mbs1/x86_64/asterisk-plugins-voicemail-imap-11.2.2-1.mbs1.x86_64.rpm
94bc9b4c92f2021240fead1b63a7708d mbs1/x86_64/asterisk-plugins-voicemail-plain-11.2.2-1.mbs1.x86_64.rpm
49a4eddca35fa01f473ede3103700470 mbs1/x86_64/lib64asteriskssl1-11.2.2-1.mbs1.x86_64.rpm
ae5eddf71c3f1964a07635ab0a3e23a5 mbs1/SRPMS/asterisk-11.2.2-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZWZmmqjQ0CJFipgRArhsAKC9fNsHR3BYRvvUFe7zjg6hBLGQHwCgj2Ip
0y7HyM54ytz3xd14ULzXIVo=
=9w8B
-----END PGP SIGNATURE-----
