Asterisk Project Security Advisory - AST-2009-004
+------------------------------------------------------------------------+
| Product              | Asterisk                                        |
|----------------------+-------------------------------------------------|
| Summary              | Remote Crash Vulnerability in RTP stack         |
|----------------------+-------------------------------------------------|
| Nature of Advisory   | Exploitable Crash                               |
|----------------------+-------------------------------------------------|
| Susceptibility       | Remote unauthenticated sessions                 |
|----------------------+-------------------------------------------------|
| Severity             | Critical                                        |
|----------------------+-------------------------------------------------|
| Exploits Known       | No                                              |
|----------------------+-------------------------------------------------|
| Reported On          | July 27, 2009                                   |
|----------------------+-------------------------------------------------|
| Reported By          | Marcus Hunger <hunger AT sipgate DOT de>        |
|----------------------+-------------------------------------------------|
| Posted On            | August 2, 2009                                  |
|----------------------+-------------------------------------------------|
| Last Updated On      | August 2, 2009                                  |
|----------------------+-------------------------------------------------|
| Advisory Contact     | Mark Michelson <mmichelson AT digium DOT com>   |
|----------------------+-------------------------------------------------|
| CVE Name             |                                                 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker can cause Asterisk to crash remotely by      |
|             | sending malformed RTP text frames. While the attacker    |
|             | can cause Asterisk to crash, he cannot execute arbitrary |
|             | remote code with this exploit.                           |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution  | Users should upgrade to a version listed in the          |
|             | "Corrected In" section below.                            |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|                           Affected Versions                            |
|------------------------------------------------------------------------|
| Product                       | Release Series |                       |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.2.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.4.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.6.x          | All 1.6.1 versions    |
|-------------------------------+----------------+-----------------------|
| Asterisk Addons               | 1.2.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Addons               | 1.4.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Addons               | 1.6.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Business Edition     | A.x.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Business Edition     | B.x.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Business Edition     | C.x.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| AsteriskNOW                   | 1.5            | Unaffected            |
|-------------------------------+----------------+-----------------------|
| s800i (Asterisk Appliance)    | 1.2.x          | Unaffected            |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|                              Corrected In                              |
|------------------------------------------------------------------------|
| Product                                     | Release                  |
|---------------------------------------------+--------------------------|
| Open Source Asterisk 1.6.1                  | 1.6.1.2                  |
+------------------------------------------------------------------------+
+----------------------------------------------------------------------------+
|                                  Patches                                   |
|----------------------------------------------------------------------------|
|                              SVN URL                               |Version|
|--------------------------------------------------------------------+-------|
|http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt| 1.6.1 |
|--------------------------------------------------------------------+-------|
+----------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links |                                                                |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security                                       |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| http://downloads.digium.com/pub/security/AST-2009-004.pdf and          |
| http://downloads.digium.com/pub/security/AST-2009-004.html             |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|                            Revision History                            |
|------------------------------------------------------------------------|
| Date           | Editor          | Revisions Made                      |
|----------------+-----------------+-------------------------------------|
| 27 Jul, 2009   | Mark Michelson  | Initial Draft                       |
|----------------+-----------------+-------------------------------------|
| 31 Jul, 2009   | Mark Michelson  | Added sentence about how remote     |
|                |                 | code cannot be executed.            |
|----------------+-----------------+-------------------------------------|
| August 2, 2009 | Tilghman Lesher | Public release                      |
+------------------------------------------------------------------------+
Copyright (c) 2009 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.