<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Asterisk Security Team</b> <span dir="ltr"><<a href="mailto:security@asterisk.org">security@asterisk.org</a>></span><br>
Date: 2009/3/10<br>Subject: [asterisk-dev] AST-2009-002: Remote Crash Vulnerability in SIP channel driver<br>To: <a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a><br><br><br><div><div></div>
<div class="h5"> Asterisk Project Security Advisory - AST-2009-002<br>
<br>
+------------------------------------------------------------------------+<br>
| Product | Asterisk |<br>
|---------------------+--------------------------------------------------|<br>
| Summary | Remote Crash Vulnerability in SIP channel driver |<br>
|---------------------+--------------------------------------------------|<br>
| Nature of Advisory | Denial of Service |<br>
|---------------------+--------------------------------------------------|<br>
| Susceptibility | Remote Authenticated Sessions |<br>
|---------------------+--------------------------------------------------|<br>
| Severity | Moderate |<br>
|---------------------+--------------------------------------------------|<br>
| Exploits Known | No |<br>
|---------------------+--------------------------------------------------|<br>
| Reported On | February 6, 2009 |<br>
|---------------------+--------------------------------------------------|<br>
| Reported By | <a href="http://bugs.digium.com" target="_blank">bugs.digium.com</a> user klaus3000 |<br>
|---------------------+--------------------------------------------------|<br>
| Posted On | March 10, 2009 |<br>
|---------------------+--------------------------------------------------|<br>
| Last Updated On | March 10, 2009 |<br>
|---------------------+--------------------------------------------------|<br>
| Advisory Contact | Joshua Colp <<a href="mailto:jcolp@digium.com">jcolp@digium.com</a>> |<br>
|---------------------+--------------------------------------------------|<br>
| CVE Name | |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Description | When configured with pedantic=yes the SIP channel driver |<br>
| | performs extra request URI checking on an INVITE |<br>
| | received as a result of a SIP spiral. As part of this |<br>
| | extra checking the headers from the outgoing SIP INVITE |<br>
| | sent and the received SIP INVITE are compared. The code |<br>
| | incorrectly assumes that the string for each header |<br>
| | passed in will be non-NULL in all cases. This is |<br>
| | incorrect because if no headers are present the value |<br>
| | passed in will be NULL. |<br>
| | |<br>
| | The values passed into the code are now checked to be |<br>
| | non-NULL before being compared. |<br>
+------------------------------------------------------------------------+<br>
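The comparison the advisory describes, as an added example that is not Asterisk's code: a hypothetical header lookup that returns NULL for an absent header, the unchecked comparison beside its NULL-checked form, and a constructed INVITE pair in which the received message lacks a Contact header.<br>

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp: SIP header names are case-insensitive */

struct sip_header { const char *name; const char *value; };

/* Header lookup in a {NULL, NULL}-terminated array; NULL when absent (the unchecked value). */
const char *get_header(const struct sip_header *msg, const char *name)
{
    for (; msg->name != NULL; msg++)
        if (strcasecmp(msg->name, name) == 0)
            return msg->value;
    return NULL;
}

/* Pattern from the advisory: assumes non-NULL, so a missing header dereferences NULL. Not called. */
int header_match_unsafe(const char *sent, const char *recv)
{
    return strcmp(sent, recv) == 0;
}

/* Hardened: NULL-check first. Both absent -> equal; only one absent -> unequal. */
int header_match_safe(const char *sent, const char *recv)
{
    if (sent == NULL || recv == NULL)
        return sent == recv;
    return strcmp(sent, recv) == 0;
}

/* Number of the named headers that differ between sent and received INVITE. */
int count_mismatches(const struct sip_header *sent, const struct sip_header *recv,
                     const char *const *names, size_t n)
{
    int mismatches = 0;
    for (size_t i = 0; i < n; i++)
        if (!header_match_safe(get_header(sent, names[i]), get_header(recv, names[i])))
            mismatches++;
    return mismatches;
}

/* Constructed sample pair: the received INVITE carries no Contact header. */
const struct sip_header sent_invite[] = { {"Call-ID", "a84b4c76e66710@pc33.example.com"},
    {"Contact", "<sip:alice@pc33.example.com>"}, {NULL, NULL} };
const struct sip_header recv_invite[] = { {"Call-ID", "a84b4c76e66710@pc33.example.com"}, {NULL, NULL} };
const char *const checked_headers[] = { "Call-ID", "Contact" };

int main(void)
{
    printf("mismatches: %d\n", count_mismatches(sent_invite, recv_invite, checked_headers, 2));
    return 0;
}
```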
<br>
+------------------------------------------------------------------------+<br>
| Resolution | Upgrade to revision 174082 of the 1.4 branch, 174085 of |<br>
| | the 1.6.0 branch, 174086 of the 1.6.1 branch, or one of |<br>
| | the releases noted below. |<br>
| | |<br>
| | The pedantic option in the SIP channel driver can also be |<br>
| | turned off to prevent this issue from occurring. |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Affected Versions |<br>
|------------------------------------------------------------------------|<br>
| Product | Release | |<br>
| | Series | |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Open Source | 1.2.x | Not affected |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Open Source | 1.4.x | Versions 1.4.22, 1.4.23, |<br>
| | | 1.4.23.1 |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.6 |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Open Source | 1.6.1.x | All versions prior to |<br>
| | | 1.6.1.0-rc2 |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Addons | 1.2.x | Not affected |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Addons | 1.4.x | Not affected |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Addons | 1.6.x | Not affected |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Business Edition | A.x.x | Not affected |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Business Edition | B.x.x | Not affected |<br>
|----------------------------+---------+---------------------------------|<br>
| Asterisk Business Edition | C.x.x | Only version C.2.3 |<br>
|----------------------------+---------+---------------------------------|<br>
| s800i (Asterisk Appliance) | 1.2.x | Not affected |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Corrected In |<br>
|------------------------------------------------------------------------|<br>
| Product | Release |<br>
|-------------------------------------------+----------------------------|<br>
| Asterisk Open Source | 1.4.23.2 |<br>
|-------------------------------------------+----------------------------|<br>
| Asterisk Open Source | 1.6.0.6 |<br>
|-------------------------------------------+----------------------------|<br>
| Asterisk Open Source | 1.6.1.0-rc2 |<br>
|-------------------------------------------+----------------------------|<br>
| Asterisk Business Edition | C.2.3.2 |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Patches |<br>
|------------------------------------------------------------------------|<br>
| URL |Branch|<br>
|-----------------------------------------------------------------+------|<br>
|<a href="http://downloads.digium.com/pub/security/AST-2009-002-1.4.diff" target="_blank">http://downloads.digium.com/pub/security/AST-2009-002-1.4.diff</a> |1.4 |<br>
|-----------------------------------------------------------------+------|<br>
|<a href="http://downloads.digium.com/pub/security/AST-2009-002-1.6.0.diff" target="_blank">http://downloads.digium.com/pub/security/AST-2009-002-1.6.0.diff</a> |1.6.0 |<br>
|-----------------------------------------------------------------+------|<br>
|<a href="http://downloads.digium.com/pub/security/AST-2009-002-1.6.1.diff" target="_blank">http://downloads.digium.com/pub/security/AST-2009-002-1.6.1.diff</a> |1.6.1 |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Links | <a href="http://bugs.digium.com/view.php?id=14417" target="_blank">http://bugs.digium.com/view.php?id=14417</a> |<br>
| | |<br>
| | <a href="http://bugs.digium.com/view.php?id=13547" target="_blank">http://bugs.digium.com/view.php?id=13547</a> |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Asterisk Project Security Advisories are posted at |<br>
| <a href="http://www.asterisk.org/security" target="_blank">http://www.asterisk.org/security</a> |<br>
| |<br>
| This document may be superseded by later versions; if so, the latest |<br>
| version will be posted at |<br>
| <a href="http://downloads.digium.com/pub/security/AST-2009-002.pdf" target="_blank">http://downloads.digium.com/pub/security/AST-2009-002.pdf</a> and |<br>
| <a href="http://downloads.digium.com/pub/security/AST-2009-002.html" target="_blank">http://downloads.digium.com/pub/security/AST-2009-002.html</a> |<br>
+------------------------------------------------------------------------+<br>
<br>
+------------------------------------------------------------------------+<br>
| Revision History |<br>
|------------------------------------------------------------------------|<br>
| Date | Editor | Revisions Made |<br>
|------------------+--------------------+--------------------------------|<br>
| 2009-03-10 | Joshua Colp | Initial release |<br>
+------------------------------------------------------------------------+<br>
<br>
Asterisk Project Security Advisory - AST-2009-002<br>
Copyright (c) 2009 Digium, Inc. All Rights Reserved.<br>
Permission is hereby granted to distribute and publish this advisory in its<br>
original, unaltered form.<br>
<br>
<br>
</div></div><div class="im"></div></div>