[AsteriskBrasil] AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

Diego diegofull em gmail.com
Segunda Abril 23 17:13:15 BRT 2012


Asterisk Project Security Advisory - AST-2012-005

         Product         Asterisk
         Summary         Heap Buffer Overflow in Skinny Channel Driver
    Nature of Advisory   Exploitable Heap Buffer Overflow
      Susceptibility     Remote Authenticated Sessions
         Severity        Minor
      Exploits Known     No
       Reported On       March 26, 2012
       Reported By       Russell Bryant
        Posted On        April 23, 2012
     Last Updated On     April 23, 2012
     Advisory Contact    Matt Jordan < mjordan AT digium DOT com >
         CVE Name

   Description  In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events
                are queued for processing in a buffer allocated on the
                heap, where each DTMF value that is received is placed on
                the end of the buffer. Since the length of the buffer is
                never checked, an attacker could send sufficient
                KEYPAD_BUTTON_MESSAGE events such that the buffer is
                overrun.

   Resolution  The length of the buffer is now checked before appending a
               value to the end of the buffer.

                              Affected Versions
               Product              Release Series
        Asterisk Open Source           1.6.2.x      All Versions
        Asterisk Open Source            1.8.x       All Versions
        Asterisk Open Source             10.x       All Versions

                                 Corrected In
               Product                              Release
         Asterisk Open Source              1.6.2.24, 1.8.11.1, 10.3.1

                                    Patches
                               SVN URL
Revision
  http://downloads.asterisk.org/pub/security/AST-2012-005-1.6.2.diff v1.6.2
  http://downloads.asterisk.org/pub/security/AST-2012-005-1.8.diff   v1.8
  http://downloads.asterisk.org/pub/security/AST-2012-005-10.diff    v10

      Links     https://issues.asterisk.org/jira/browse/ASTERISK-19592

   Asterisk Project Security Advisories are posted at
   http://www.asterisk.org/security

   This document may be superseded by later versions; if so, the latest
   version will be posted at
   http://downloads.digium.com/pub/security/AST-2012-005.pdf and
   http://downloads.digium.com/pub/security/AST-2012-005.html

                               Revision History
         Date                  Editor                 Revisions Made
   04/16/2012         Matt Jordan               Initial Release

              Asterisk Project Security Advisory - AST-2012-005
             Copyright (c) 2012 Digium, Inc. All Rights Reserved.
 Permission is hereby granted to distribute and publish this advisory in its
                          original, unaltered form.
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20120423/227ff436/attachment-0001.htm 


Mais detalhes sobre a lista de discussão AsteriskBrasil