<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
Good afternoon gentlemen, following the report below, I applied the patch to
Asterisk and recompiled it, and set the variables Callerid(num)
Callerid(name) as described.<br>
<br>
I am using Asterisk 1.4.20.1.<br>
<br>
Is my fix correct?<br>
<br>
In which situations would I be adversely affected?<br>
<br>
Regards.<br>
<br>
<br>
The forwarded email follows.<br>
<br>
---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Asterisk Security Team</b> <span
dir="ltr"><<a href="mailto:security@asterisk.org">security@asterisk.org</a>></span><br>
Date: Tue, Jan 18, 2011 at 1:35 PM<br>
Subject: AST-2011-001: Stack buffer overflow in SIP channel driver<br>
To: <a href="mailto:bugtraq@securityfocus.com">bugtraq@securityfocus.com</a><br>
<br>
<br>
Asterisk Project Security Advisory - AST-2011-001<br>
<br>
Product Asterisk<br>
Summary Stack buffer overflow in SIP channel driver<br>
Nature of Advisory Exploitable Stack Buffer Overflow<br>
Susceptibility Remote Authenticated Sessions<br>
Severity Moderate<br>
Exploits Known No<br>
Reported On January 11, 2011<br>
Reported By Matthew Nicholson<br>
Posted On January 18, 2011<br>
Last Updated On January 18, 2011<br>
Advisory Contact Matthew Nicholson <<a
href="mailto:mnicholson@digium.com">mnicholson@digium.com</a>><br>
CVE Name<br>
<br>
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with carefully crafted
caller ID information. This vulnerability also affects the URIENCODE dialplan
function and in some versions of asterisk, the AGI dialplan application as
well.<br>
The ast_uri_encode function does not properly respect the size of its output
buffer and can write past the end of it when encoding URIs.<br>
<br>
Resolution The size of the output buffer passed to the ast_uri_encode
function is now properly respected.<br>
<br>
In asterisk versions not containing the fix for this issue, limiting strings
originating from remote sources that will be URI encoded to a length of 40
characters will protect against this vulnerability.<br>
<br>
exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})<br>
exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})<br>
exten => s,n,Dial(SIP/channel)<br>
<br>
The CALLERID(num) and CALLERID(name) channel values, and any strings passed to
the URIENCODE dialplan function should be limited in this manner.<br>
<br>
Affected Versions<br>
Product Release Series<br>
Asterisk Open Source 1.2.x All versions<br>
Asterisk Open Source 1.4.x All versions<br>
Asterisk Open Source 1.6.x All versions<br>
Asterisk Open Source 1.8.x All versions<br>
Asterisk Business Edition C.x.x All versions<br>
AsteriskNOW 1.5 All versions<br>
s800i (Asterisk Appliance) 1.2.x All versions<br>
<br>
Corrected In<br>
Product Release<br>
Asterisk Open Source 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.1<br>
Asterisk Business Edition C.3.6.2<br>
<br>
Patches<br>
URL Branch<br>
<a href="http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff</a> 1.4<br>
<a href="http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff</a> 1.6.1<br>
<a href="http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff</a> 1.6.2<br>
<a href="http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff</a> 1.8<br>
<br>
Asterisk Project Security Advisories are posted at<br>
<a href="http://www.asterisk.org/security" target="_blank">http://www.asterisk.org/security</a><br>
<br>
This document may be superseded by later versions; if so, the latest
version will be posted at<br>
<a href="http://downloads.digium.com/pub/security/AST-2011-001.pdf" target="_blank">http://downloads.digium.com/pub/security/AST-2011-001.pdf</a> and<br>
<a href="http://downloads.digium.com/pub/security/AST-2011-001.html" target="_blank">http://downloads.digium.com/pub/security/AST-2011-001.html</a><br>
<br>
Revision History<br>
Date Editor Revisions Made<br>
2011-01-18 Matthew Nicholson Initial Release<br>
<br>
Asterisk Project Security Advisory - AST-2011-001<br>
Copyright (c) 2011 Digium, Inc. All Rights Reserved.<br>
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
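<br>
Added illustration, not part of the forwarded advisory and not Asterisk's own
code: a hypothetical bounded percent-encoder (bounded_uri_encode) showing the
property the advisory says the fix restores, that the encoder respects the
size of the caller's output buffer. Since every non-unreserved byte expands
to three output bytes, it also shows why a 40-character cap on caller ID
bounds the encoded string at 120 bytes plus the NUL.<br>

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded percent-encoder, added here to illustrate the property
 * the advisory's fix restores: never write past the caller's output buffer.
 * This is NOT Asterisk's ast_uri_encode. Unreserved characters pass through
 * unchanged; every other byte becomes "%XX", so n input characters can need
 * up to 3n output bytes plus the NUL (a 40-character cap bounds that at 120).
 * Returns the length the full encoding would need (excluding the NUL), like
 * snprintf, so the caller can detect truncation. */
static int is_unreserved(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '.' || c == '~';
}

size_t bounded_uri_encode(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t needed = 0;   /* bytes the complete encoding requires */
    size_t written = 0;  /* bytes actually stored in out, excluding the NUL */
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        size_t piece = is_unreserved(*p) ? 1 : 3;
        /* Emit only if the whole piece plus the NUL still fits: a %XX
         * sequence is never split and byte out[outlen] is never touched. */
        if (outlen > 0 && written + piece + 1 <= outlen) {
            if (piece == 1) {
                out[written++] = (char)*p;
            } else {
                out[written++] = '%';
                out[written++] = hex[*p >> 4];
                out[written++] = hex[*p & 0x0F];
            }
        }
        needed += piece;
    }
    if (outlen > 0)
        out[written] = '\0';   /* a non-empty buffer is always NUL-terminated */
    return needed;
}

int main(void)
{
    char caller_id[41], buf[64];          /* constructed: 40 chars + NUL, 64-byte target */
    memset(caller_id, '@', 40); caller_id[40] = '\0';
    size_t need = bounded_uri_encode(caller_id, buf, sizeof buf);
    printf("needs %zu bytes, buffer is %zu, stored \"%s\"\n", need, sizeof buf, buf);
    return 0;
}
```

With the constructed 40-byte caller ID of '@' characters the full encoding needs 120 bytes, so the 64-byte target receives only as many whole %40 sequences as fit and stays NUL-terminated rather than being overrun.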
</body>
</html>