what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ASA-2007-011.txt

ASA-2007-011.txt
Posted Apr 25, 2007
Authored by qwerty1979 | Site asterisk.org

Asterisk Project Security Advisory - Multiple problems have been identified in the Asterisk SIP channel driver (chan_sip) when handling response packets from other SIP endpoints.

tags | advisory
SHA-256 | 1466bb9117813fc5de7943aeb33b93d1848fb5d8fe9fe5ea4eb00860aa85e899
Download | Favorite | View

ASA-2007-011.txt

Change Mirror Download
>                Asterisk Project Security Advisory - ASA-2007-011
> 
>    +------------------------------------------------------------------------+
>    |      Product       | Asterisk                                          |
>    |--------------------+---------------------------------------------------|
>    |      Summary       | Multiple problems in SIP channel parser handling  |
>    |                    | response codes                                    |
>    |--------------------+---------------------------------------------------|
>    | Nature of Advisory | Denial of Service                                 |
>    |--------------------+---------------------------------------------------|
>    |   Susceptibility   | Remote Unauthenticated Sessions                   |
>    |--------------------+---------------------------------------------------|
>    |      Severity      | Critical                                          |
>    |--------------------+---------------------------------------------------|
>    |   Exploits Known   | No                                                |
>    |--------------------+---------------------------------------------------|
>    |    Reported On     | March 20, 2007                                    |
>    |--------------------+---------------------------------------------------|
>    |    Reported By     | Mantis user ID 'qwerty1979'                       |
>    |--------------------+---------------------------------------------------|
>    |     Posted On      | April 24, 2007                                    |
>    |--------------------+---------------------------------------------------|
>    |  Last Updated On   | April 24, 2007                                    |
>    |--------------------+---------------------------------------------------|
>    |  Advisory Contact  | kpfleming@digium.com                              |
>    +------------------------------------------------------------------------+
> 
>    +------------------------------------------------------------------------+
>    | Description | Multiple problems have been identified in the Asterisk   |
>    |             | SIP channel driver (chan_sip) when handling response     |
>    |             | packets from other SIP endpoints.                        |
>    |             |                                                          |
>    |             | If the response packets did not contain a valid response |
>    |             | code in the first line of the UDP packet, the Asterisk   |
>    |             | SIP channel driver would fail to parse the packet        |
>    |             | properly and would cause the Asterisk process to die     |
>    |             | with a segmentation fault. This results in all active    |
>    |             | calls and other sessions being lost.                     |
>    |             |                                                          |
>    |             | More details about these issues can be found at          |
>    |             | http://bugs.digium.com/view.php?id=9313.                 |
>    +------------------------------------------------------------------------+
> 
>    +------------------------------------------------------------------------+
>    | Resolution | All users are urged to upgrade to the appropriate version |
>    |            | of their Asterisk product listed in the 'Corrected In'    |
>    |            | section below.                                            |
>    +------------------------------------------------------------------------+
> 
>    +------------------------------------------------------------------------+
>    |                           Affected Versions                            |
>    |------------------------------------------------------------------------|
>    |          Product          |   Release   |                              |
>    |                           |   Series    |                              |
>    |---------------------------+-------------+------------------------------|
>    |   Asterisk Open Source    |    1.0.x    | has not been evaluated as    |
>    |                           |             | this release series is no    |
>    |                           |             | longer maintained            |
>    |---------------------------+-------------+------------------------------|
>    |   Asterisk Open Source    |    1.2.x    | all releases prior to 1.2.18 |
>    |---------------------------+-------------+------------------------------|
>    |   Asterisk Open Source    |    1.4.x    | all releases prior to 1.4.3  |
>    |---------------------------+-------------+------------------------------|
>    | Asterisk Business Edition |    A.x.x    | all releases                 |
>    |---------------------------+-------------+------------------------------|
>    | Asterisk Business Edition |    B.x.x    | all releases prior to and    |
>    |                           |             | including B.1.3.2            |
>    |---------------------------+-------------+------------------------------|
>    |        AsteriskNOW        | pre-release | all releases prior to and    |
>    |                           |             | including Beta 5             |
>    |---------------------------+-------------+------------------------------|
>    |    Asterisk Appliance     |    0.x.x    | all releases prior to 0.4.0  |
>    |       Developer Kit       |             |                              |
>    +------------------------------------------------------------------------+
> 
>    +------------------------------------------------------------------------+
>    |                              Corrected In                              |
>    |------------------------------------------------------------------------|
>    |      Product       |                      Release                      |
>    |--------------------+---------------------------------------------------|
>    |   Asterisk Open    |         1.2.18 and 1.4.3, available from          |
>    |       Source       |    ftp://ftp.digium.com/pub/telephony/asterisk    |
>    |--------------------+---------------------------------------------------|
>    | Asterisk Business  |   B.1.3.3, available from the Asterisk Business   |
>    |      Edition       |  Edition user portal on http://www.digium.com or  |
>    |                    |           via Digium Technical Support            |
>    |--------------------+---------------------------------------------------|
>    |    AsteriskNOW     |            Beta 6, when available from            |
>    |                    | http://www.asterisknow.org, Beta 5 users can use  |
>    |                    |   use 'System Update' in the appliance control    |
>    |                    |   panel to update their version of AsteriskNOW    |
>    |--------------------+---------------------------------------------------|
>    | Asterisk Appliance |               0.4.0, available from               |
>    |   Developer Kit    |      ftp://ftp.digium.com/pub/telephony/aadk      |
>    +------------------------------------------------------------------------+
> 
>    +------------------------------------------------------------------------+
>    |       Links       | http://bugs.digium.com/view.php?id=9313            |
>    +------------------------------------------------------------------------+
> 
>    +------------------------------------------------------------------------+
>    | Asterisk Project Security Advisories are posted at                     |
>    | http://www.asterisk.org/security.                                      |
>    |                                                                        |
>    | This document may be superseded by later versions; if so, the latest   |
>    | version will be posted at                                              |
>    | http://www.asterisk.org/files/ASA-2007-011.pdf.                        |
>    +------------------------------------------------------------------------+
> 
>                Asterisk Project Security Advisory - ASA-2007-011
>               Copyright (c) 2007 Digium, Inc. All Rights Reserved.
>   Permission is hereby granted to distribute and publish this advisory in its
>                            original, unaltered form.

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close