[AsteriskBrasil] Vulnerability: All Asterisk versions.

Neylon Estevam neylon at brisanet.com.br
Wed Jan 19 15:07:21 BRST 2011


Gentlemen, good afternoon. Based on the report below, I applied the patch to
asterisk and recompiled it, and set the Callerid(num) and Callerid(name)
variables as described.

I use asterisk 1.4.20.1.

Is my fix correct?

In which situations will I be affected?

Regards.


The forwarded email follows.

---------- Forwarded message ----------
From: Asterisk Security Team <security at asterisk.org>
Date: Tue, Jan 18, 2011 at 1:35 PM
Subject: AST-2011-001: Stack buffer overflow in SIP channel driver
To: bugtraq at securityfocus.com


               Asterisk Project Security Advisory - AST-2011-001

         Product        Asterisk
         Summary        Stack buffer overflow in SIP channel driver
    Nature of Advisory  Exploitable Stack Buffer Overflow
      Susceptibility    Remote Authenticated Sessions
         Severity       Moderate
      Exploits Known    No
       Reported On      January 11, 2011
       Reported By      Matthew Nicholson
        Posted On       January 18, 2011
     Last Updated On    January 18, 2011
     Advisory Contact   Matthew Nicholson <mnicholson at digium.com>
         CVE Name

   Description  When forming an outgoing SIP request while in pedantic
                mode, a stack buffer can be made to overflow if supplied
                with carefully crafted caller ID information. This
                vulnerability also affects the URIENCODE dialplan function
                and in some versions of asterisk, the AGI dialplan
                application as well. The ast_uri_encode function does not
                properly respect the size of its output buffer and can
                write past the end of it when encoding URIs.

   Resolution   The size of the output buffer passed to the ast_uri_encode
                function is now properly respected.

              In asterisk versions not containing the fix for this issue,
              limiting strings originating from remote sources that will be
              URI encoded to a length of 40 characters will protect against
              this vulnerability.

              exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})
              exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})
              exten => s,n,Dial(SIP/channel)

              The CALLERID(num) and CALLERID(name) channel values, and any
              strings passed to the URIENCODE dialplan function should be
              limited in this manner.
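The two halves of the advisory, the fix (respect the output buffer size) and the interim workaround (cap untrusted strings at 40 characters before they are URI encoded), can be shown together in C. The example below is added here and is not Asterisk's ast_uri_encode or any code from the advisory; uri_encode_bounded, uri_encoded_len and limit_untrusted are hypothetical names. It percent-encodes the way the fixed function class must, checking every write against the buffer length and always NUL-terminating, and it measures why the 40-character cap works: percent-encoding expands a byte to at most three, so the encoded length of a capped string is bounded regardless of what a remote caller sends. The sample caller ID is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded percent-encoder (not Asterisk's ast_uri_encode):
 * every write is checked against outlen, and the output is always
 * NUL-terminated. Returns the number of input bytes consumed, so a caller
 * can detect truncation by comparing it with strlen(in). */
static int is_unreserved(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_' ||
           c == '.' || c == '~';
}

size_t uri_encode_bounded(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t i = 0, o = 0;

    if (outlen == 0)
        return 0;                 /* nothing can be written safely */

    for (; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (is_unreserved(c)) {
            if (o + 1 >= outlen)  /* one byte plus terminator must fit */
                break;
            out[o++] = (char)c;
        } else {
            if (o + 3 >= outlen)  /* "%XX" plus terminator must fit */
                break;
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return i;
}

/* Bytes (excluding the NUL) that an encoder ignoring its buffer size would
 * emit: this is the quantity that has to fit in a fixed stack buffer. */
size_t uri_encoded_len(const char *in)
{
    size_t n = 0;
    for (; *in != '\0'; in++)
        n += is_unreserved((unsigned char)*in) ? 1 : 3;
    return n;
}

/* Same effect as the advisory's ${CALLERID(num):0:40} workaround: keep at
 * most maxchars bytes of an untrusted string before it reaches the encoder.
 * dstlen must be at least maxchars + 1 for the full cap to apply. */
size_t limit_untrusted(const char *src, char *dst, size_t dstlen, size_t maxchars)
{
    size_t n = strlen(src);
    if (dstlen == 0)
        return 0;
    if (maxchars > dstlen - 1)
        maxchars = dstlen - 1;
    if (n > maxchars)
        n = maxchars;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: a caller ID of 100 characters that all need
     * escaping, the worst case for percent-encoding (3 bytes per byte). */
    char hostile[101];
    char limited[41];
    char out[128];
    size_t used;

    memset(hostile, ' ', 100);
    hostile[100] = '\0';

    printf("unbounded encoder would write %zu bytes\n", uri_encoded_len(hostile));
    limit_untrusted(hostile, limited, sizeof limited, 40);
    printf("after 40-char limit: %zu bytes\n", uri_encoded_len(limited));

    used = uri_encode_bounded(hostile, out, sizeof out);
    printf("bounded encoder consumed %zu of %zu input bytes -> \"%s\"\n",
           used, strlen(hostile), out);
    return 0;
}
```

The return value of uri_encode_bounded is the signal a caller should act on: when it is smaller than strlen(in), the string was truncated rather than written past the buffer, and the caller can log or reject the request instead of silently passing on a cut-off URI.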

                               Affected Versions
                Product              Release Series
         Asterisk Open Source            1.2.x      All versions
         Asterisk Open Source            1.4.x      All versions
         Asterisk Open Source            1.6.x      All versions
         Asterisk Open Source            1.8.x      All versions
       Asterisk Business Edition         C.x.x      All versions
              AsteriskNOW                 1.5       All versions
      s800i (Asterisk Appliance)         1.2.x      All versions

                                  Corrected In
            Product                              Release
     Asterisk Open Source       1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,
                                       1.6.2.16.1, 1.8.1.2, 1.8.2.1
   Asterisk Business Edition                     C.3.6.2

                                    Patches
                                   URL                              Branch
http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff    1.4
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff  1.6.1
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff  1.6.2
http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff    1.8

   Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

   This document may be superseded by later versions; if so, the latest
   version will be posted at
http://downloads.digium.com/pub/security/AST-2011-001.pdf and
http://downloads.digium.com/pub/security/AST-2011-001.html

                                Revision History
         Date                 Editor                  Revisions Made
   2011-01-18        Matthew Nicholson        Initial Release

               Asterisk Project Security Advisory - AST-2011-001
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                            original, unaltered form.