Secunia Security Advisory - Some vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
8e41d51346ad612e658e10349678e24c1f40a8fa8ffb39f5ee1d35f28ce33314----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.
Download and test it today:
https://psi.secunia.com/
Read more about this new version:
https://psi.secunia.com/?page=changelog
----------------------------------------------------------------------
TITLE:
Asterisk Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA29426
VERIFY ADVISORY:
http://secunia.com/advisories/29426/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, DoS, System access
WHERE:
>From remote
SOFTWARE:
Asterisk Business Edition 2.x
http://secunia.com/product/14820/
Asterisk 1.x
http://secunia.com/product/2155/
Asterisk Appliance Developer Kit 0.x
http://secunia.com/product/14821/
DESCRIPTION:
Some vulnerabilities have been reported in Asterisk, which can be
exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.
1) An error exists within the handling of RTP codec payloads, which
can be exploited to write a 0 into certain memory locations by
sending a specially crafted SIP packet with SDP containing a payload
number greater than 256.
2) An error exists within the handling of RTP codec payloads, which
can be exploited to cause a stack-based buffer overflow by sending
more than 32 RTP payloads.
3) An error within the SIP channel driver when determining if
authentication is required can be exploited to perform
unauthenticated calls by sending specially crafted From headers to
the driver.
Note: A format string error within the "ast_verbose()" logging API
call has also been reported by Steve Davies and Brandon Kruse. This
can be exploited to crash the application by providing input
containing format specifiers, which is later used in the affected API
call. However, this only affects Asterisk 1.6.x versions prior to
1.6.0-beta6.
SOLUTION:
Update to a fixed version.
Asterisk 1.2.x:
Update to version 1.2.27.
Asterisk 1.4.x:
Update to version 1.4.18.1.
Asterisk Business Edition:
Update to version B.2.5.1 and C.1.6.2.
s800i (Asterisk Appliance):
Update to version 1.1.0.2.
Asterisk Appliance Developer Kit:
Fixed in the SVN repository. Please see the vendor's advisories for
details.
PROVIDED AND/OR DISCOVERED BY:
1, 2) Mu Security Research Team
3) Jason Parker
ORIGINAL ADVISORY:
http://downloads.digium.com/pub/security/AST-2008-002.html
http://downloads.digium.com/pub/security/AST-2008-003.html
http://downloads.digium.com/pub/security/AST-2008-004.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed