[AsteriskBrasil] [asterisk-dev] AST-2012-014: Crashes due to large stack allocations when using TCP
Sylvio Jollenbeck
sylvio.jollenbeck em gmail.com
Wednesday, January 2, 19:25:04 BRST 2013
Psc
On 02/01/2013 19:24, "Asterisk Security Team" <security em asterisk.org>
wrote:
> Asterisk Project Security Advisory - AST-2012-014
>
> Product             Asterisk
> Summary             Crashes due to large stack allocations when using TCP
> Nature of Advisory  Stack Overflow
> Susceptibility      Remote Unauthenticated Sessions (SIP)
>                     Remote Authenticated Sessions (XMPP, HTTP)
> Severity            Critical
> Exploits Known      No
> Reported On         7 November, 2012
> Reported By         Walter Doekes
> Posted On           2 January, 2013
> Last Updated On     January 2, 2013
> Advisory Contact    Mark Michelson <mmichelson AT digium DOT com>
> CVE Name            CVE-2012-5976
>
> Description  Asterisk has several places where messages received over
> various network transports may be copied in a single stack
> allocation. In the case of TCP, since multiple packets in a
> stream may be concatenated together, this can lead to large
> allocations that overflow the stack.
>
> In the case of SIP, it is possible to do this before a
> session is established. Keep in mind that SIP over UDP is
> not affected by this vulnerability.
>
> With HTTP and XMPP, a session must first be established
> before the vulnerability may be exploited. The XMPP
> vulnerability exists both in the res_jabber.so module in
> Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module
> in Asterisk 11.
>
> Resolution  Stack allocations when using TCP have either been eliminated
> in favor of heap allocations or have had an upper bound
> placed on them to ensure that the stack will not overflow.
>
> For SIP, the allocation now has an upper limit.
>
> For HTTP, the allocation is now a heap allocation instead of
> a stack allocation.
>
> For XMPP, the allocation has been eliminated since it was
> unnecessary.
>
> Affected Versions
> Product                   Release Series
> Asterisk Open Source      1.8.x              All versions
> Asterisk Open Source      10.x               All versions
> Asterisk Open Source      11.x               All versions
> Certified Asterisk        1.8.11             SIP: unaffected
>                                              HTTP and XMPP: All versions
> Asterisk Digiumphones     10.x-digiumphones  All versions
>
> Corrected In
> Product Release
> Asterisk Open Source 1.8.19.1, 10.11.1, 11.1.1
> Certified Asterisk 1.8.11-cert10
> Asterisk Digiumphones 10.11.1-digiumphones
>
> Patches
> SVN URL                                                         Revision
> http://downloads.asterisk.org/pub/security/AST-2012-014-1.8.diff  Asterisk 1.8
> http://downloads.asterisk.org/pub/security/AST-2012-014-10.diff   Asterisk 10
> http://downloads.asterisk.org/pub/security/AST-2012-014-11.diff   Asterisk 11
>
> Links https://issues.asterisk.org/jira/browse/ASTERISK-20658
>
> Asterisk Project Security Advisories are posted at
> http://www.asterisk.org/security
>
> This document may be superseded by later versions; if so, the latest
> version will be posted at
> http://downloads.digium.com/pub/security/AST-2012-014.pdf and
> http://downloads.digium.com/pub/security/AST-2012-014.html
>
> Revision History
> Date Editor Revisions Made
> 19 November, 2012 Mark Michelson Initial Draft
> 02 January, 2013 Matt Jordan Removed ABE from affected products
>
> Asterisk Project Security Advisory - AST-2012-014
> Copyright (c) 2012 Digium, Inc. All Rights Reserved.
> Permission is hereby granted to distribute and publish this advisory in its
> original, unaltered form.
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
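The advisory above describes one bug class in three transports: a stack buffer sized from the length of data accumulated off a TCP stream, which an attacker controls by concatenating packets. The following C program is an added illustration, not Asterisk code and not the patch linked in the advisory. It places the unbounded-VLA pattern next to the two remedies the advisory names (an upper bound on the size, and a heap copy instead of a stack copy) and simulates a stream reader that rejects input once the bound is reached. `MAX_REQUEST_BYTES`, the chunked stream and all function names are assumptions for this example, not values from the advisory or from Asterisk.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed cap for one request; not a value from the advisory. */
#define MAX_REQUEST_BYTES 4096

/*
 * Vulnerable pattern (illustrative, not Asterisk's code): the copy lives
 * on the stack and its size is whatever the peer managed to send. With a
 * UDP datagram `len` is bounded by the datagram size; with a TCP stream the
 * accumulated length is chosen by the peer, so this VLA can exceed the
 * thread's stack. Only ever call this with small `len` values.
 */
size_t process_request_on_stack(const char *stream, size_t len)
{
	char copy[len + 1];          /* attacker-controlled VLA size */
	memcpy(copy, stream, len);
	copy[len] = '\0';
	return strlen(copy);
}

/*
 * Hardened pattern: check the length against a fixed upper bound first,
 * then copy on the heap so even an allowed maximum never touches the stack.
 * Returns 0 on success, -1 if the request is too large.
 */
int process_request_bounded(const char *stream, size_t len, size_t *out_len)
{
	if (len > MAX_REQUEST_BYTES) {
		return -1;               /* reject instead of growing the stack */
	}
	char *copy = malloc(len + 1);
	if (!copy) {
		return -1;
	}
	memcpy(copy, stream, len);
	copy[len] = '\0';
	*out_len = strlen(copy);
	free(copy);
	return 0;
}

/* Heap-backed accumulator for a TCP stream, with the same upper bound. */
typedef struct {
	char *data;
	size_t len;
} stream_buf;

void stream_buf_init(stream_buf *b)
{
	b->data = NULL;
	b->len = 0;
}

void stream_buf_free(stream_buf *b)
{
	free(b->data);
	stream_buf_init(b);
}

/* Append one received chunk; returns -1 (and keeps the buffer intact) when
 * the bound would be exceeded, which is where a server should drop the
 * connection rather than keep buffering. */
int stream_buf_append(stream_buf *b, const char *chunk, size_t n)
{
	if (n > MAX_REQUEST_BYTES - b->len) {
		return -1;
	}
	char *grown = realloc(b->data, b->len + n + 1);
	if (!grown) {
		return -1;
	}
	b->data = grown;
	memcpy(b->data + b->len, chunk, n);
	b->len += n;
	b->data[b->len] = '\0';
	return 0;
}

/* Constructed scenario: a peer sends `nchunks` packets of `chunk_size`
 * bytes on one connection. Returns how many chunks were accepted before
 * the reader refused to buffer more. */
int concatenated_stream_demo(size_t chunk_size, size_t nchunks)
{
	char *chunk = malloc(chunk_size);
	if (!chunk) {
		return -1;
	}
	memset(chunk, 'A', chunk_size);
	stream_buf b;
	stream_buf_init(&b);
	int accepted = 0;
	for (size_t i = 0; i < nchunks; i++) {
		if (stream_buf_append(&b, chunk, chunk_size) != 0) {
			break;
		}
		accepted++;
	}
	stream_buf_free(&b);
	free(chunk);
	return accepted;
}

int main(void)
{
	printf("1024-byte chunks accepted: %d\n", concatenated_stream_demo(1024, 8));
	printf("100-byte chunks accepted:  %d\n", concatenated_stream_demo(100, 10));
	return 0;
}
```

With the assumed 4096-byte cap, four 1024-byte chunks are buffered and the fifth is refused, whereas ten 100-byte chunks all fit. The point for a reviewer is the order of operations in `process_request_bounded` and `stream_buf_append`: the bound is checked before any copy, and the copy goes to the heap, which is the combination of the two fixes the advisory lists for SIP and HTTP.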
-------------- next part ----------
An HTML attachment was scrubbed...
URL: http://listas.asteriskbrasil.org/pipermail/asteriskbrasil/attachments/20130102/52c3436d/attachment-0001.htm