[AsteriskBrasil] Vulnerabilidade: Todas as versões Asterisk.
Neylon Estevam
neylon em brisanet.com.br
Quarta Janeiro 19 15:07:21 BRST 2011
Senhores boa tarde, sob o relato abaixo, eu inclui o patch no asterisk e
o recompilei, setei as variaveis Callerid(num) Callerid(name) como o
descrito.
Uso o asterisk 1.4.20.1.
Estou certo na correção?
Em quais situações estarei prejudicado?
Atenciosamente.
Segue o email emcaminhado.
---------- Forwarded message ----------
From: *Asterisk Security Team* <security em asterisk.org
<mailto:security em asterisk.org>>
Date: Tue, Jan 18, 2011 at 1:35 PM
Subject: AST-2011-001: Stack buffer overflow in SIP channel driver
To: bugtraq em securityfocus.com <mailto:bugtraq em securityfocus.com>
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson em digium.com
<mailto:mnicholson em digium.com>>
CVE Name
Description When forming an outgoing SIP request while in pedantic
mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the
size
of its output buffer and can write past the end of it when
encoding URIs.
Resolution The size of the output buffer passed to the ast_uri_encode
function is now properly respected.
In asterisk versions not containing the fix for this issue,
limiting strings originating from remote sources that will be
URI encoded to a length of 40 characters will protect against
this vulnerability.
exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})
exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})
exten => s,n,Dial(SIP/channel)
The CALLERID(num) and CALLERID(name) channel values, and any
strings passed to the URIENCODE dialplan function should be
limited in this manner.
Affected Versions
Product Release Series
Asterisk Open Source 1.2.x All versions
Asterisk Open Source 1.4.x All versions
Asterisk Open Source 1.6.x All versions
Asterisk Open Source 1.8.x All versions
Asterisk Business Edition C.x.x All versions
AsteriskNOW 1.5 All versions
s800i (Asterisk Appliance) 1.2.x All versions
Corrected In
Product Release
Asterisk Open Source 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,
1.6.2.16.1, 1.8.1.2, 1.8.2.1
Asterisk Business Edition C.3.6.2
Patches
URL
Branch
http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff 1.4
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff 1.6.1
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff 1.6.2
http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff 1.8
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-001.pdf and
http://downloads.digium.com/pub/security/AST-2011-001.html
Revision History
Date Editor Revisions Made
2011-01-18 Matthew Nicholson Initial Release
Asterisk Project Security Advisory - AST-2011-001
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory
in its
original, unaltered form.
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20110119/d6cafe63/attachment.htm
Mais detalhes sobre a lista de discussão AsteriskBrasil