<span style>Asterisk Project Security Advisory - AST-2012-005</span><br style><br style><span style>         Product         Asterisk</span><br style><span style>         Summary         Heap Buffer Overflow in Skinny Channel Driver</span><br style>

<span style>    Nature of Advisory   Exploitable Heap Buffer Overflow</span><br style><span style>      Susceptibility     Remote Authenticated Sessions</span><br style><span style>         Severity        Minor</span><br style>

<span style>      Exploits Known     No</span><br style><span style>       Reported On       March 26, 2012</span><br style><span style>       Reported By       Russell Bryant</span><br style><span style>        Posted On        April 23, 2012</span><br style>

<span style>     Last Updated On     April 23, 2012</span><br style><span style>     Advisory Contact    Matt Jordan &lt; mjordan AT digium DOT com &gt;</span><br style><span style>         CVE Name</span><br style><br style>

<span style>   Description  In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events</span><br style><span style>                are queued for processing in a buffer allocated on the</span><br style><span style>                heap, where each DTMF value that is received is placed on</span><br style>

<span style>                the end of the buffer. Since the length of the buffer is</span><br style><span style>                never checked, an attacker could send sufficient</span><br style><span style>                KEYPAD_BUTTON_MESSAGE events such that the buffer is</span><br style>

<span style>                overrun.</span><br style><br style><span style>   Resolution  The length of the buffer is now checked before appending a</span><br style><span style>               value to the end of the buffer.</span><br style>
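As an added illustration (not code from the advisory or from Asterisk's chan_skinny.c), the following C sketch contrasts the unchecked heap append the description refers to with the bounds check the resolution describes; the queue struct, its capacity and the function names are assumptions made for the example.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a per-session DTMF queue kept on the heap;
 * the capacity, struct and names are assumptions, not Asterisk's own. */
#define DTMF_QUEUE_CAP 16

struct dtmf_queue {
    size_t len;                     /* digits currently queued */
    char digits[DTMF_QUEUE_CAP];    /* fixed-size storage, heap-allocated */
};

struct dtmf_queue *dtmf_queue_new(void)
{
    return calloc(1, sizeof(struct dtmf_queue));
}

/* Defect modelled by the advisory: len is never compared against the
 * capacity, so each further KEYPAD_BUTTON_MESSAGE writes one byte past
 * the previous one once the queue is full. Shown for contrast only. */
void dtmf_push_unchecked(struct dtmf_queue *q, char digit)
{
    q->digits[q->len++] = digit;    /* out of bounds when len >= CAP */
}

/* Corrected form: check the length before appending and report the drop
 * so the caller can log it. Returns 1 on success, 0 when the queue is full. */
int dtmf_push_checked(struct dtmf_queue *q, char digit)
{
    if (q->len >= DTMF_QUEUE_CAP)
        return 0;                   /* full: refuse rather than overrun */
    q->digits[q->len++] = digit;
    return 1;
}

/* Feed a burst of digits into a fresh queue; returns how many were accepted
 * and hands the queue back through *out (caller frees it). */
size_t dtmf_replay(const char *burst, struct dtmf_queue **out)
{
    struct dtmf_queue *q = dtmf_queue_new();
    size_t accepted = 0;
    for (const char *p = burst; *p; p++)
        accepted += (size_t)dtmf_push_checked(q, *p);
    *out = q;
    return accepted;
}
```

A burst longer than the capacity is truncated at the limit instead of spilling into adjacent heap memory, which is the behaviour change the patches introduce.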

<br style><span style>                              Affected Versions</span><br style><span style>               Product              Release Series</span><br style><span style>        Asterisk Open Source           1.6.2.x      All Versions</span><br style>

<span style>        Asterisk Open Source            1.8.x       All Versions</span><br style><span style>        Asterisk Open Source             10.x       All Versions</span><br style><br style><span style>                                 Corrected In</span><br style>

<span style>               Product                              Release</span><br style><span style>         Asterisk Open Source              1.6.2.24, 1.8.11.1, 10.3.1</span><br style><br style><span style>                                    Patches</span><br style>

<span style>                               SVN URL                               Revision</span><br style><span style> </span><a href="http://downloads.asterisk.org/pub/security/AST-2012-005-1.6.2.diff" target="_blank" style>http://downloads.asterisk.org/pub/security/AST-2012-005-1.6.2.diff</a><span style> v1.6.2</span><br style>

<span style> </span><a href="http://downloads.asterisk.org/pub/security/AST-2012-005-1.8.diff" target="_blank" style>http://downloads.asterisk.org/pub/security/AST-2012-005-1.8.diff</a><span style>   v1.8</span><br style>

<span style> </span><a href="http://downloads.asterisk.org/pub/security/AST-2012-005-10.diff" target="_blank" style>http://downloads.asterisk.org/pub/security/AST-2012-005-10.diff</a><span style>    v10</span><br style>

<br style><span style>      Links     </span><a href="https://issues.asterisk.org/jira/browse/ASTERISK-19592" target="_blank" style>https://issues.asterisk.org/jira/browse/ASTERISK-19592</a><br style>

<br style><span style>   Asterisk Project Security Advisories are posted at</span><br style><span style>   </span><a href="http://www.asterisk.org/security" target="_blank" style>http://www.asterisk.org/security</a><br style>

<br style><span style>   This document may be superseded by later versions; if so, the latest</span><br style><span style>   version will be posted at</span><br style><span style>   </span><a href="http://downloads.digium.com/pub/security/AST-2012-005.pdf" target="_blank" style>http://downloads.digium.com/pub/security/AST-2012-005.pdf</a><span style> and</span><br style>

<span style>   </span><a href="http://downloads.digium.com/pub/security/AST-2012-005.html" target="_blank" style>http://downloads.digium.com/pub/security/AST-2012-005.html</a><br style><br style><span style>                               Revision History</span><br style>

<span style>         Date                  Editor                 Revisions Made</span><br style><span style>   04/16/2012         Matt Jordan               Initial Release</span><br style><br style>

<span style>             Copyright (c) 2012 Digium, Inc. All Rights Reserved.</span><br style><span style> Permission is hereby granted to distribute and publish this advisory in its</span><br style><span style>                          original, unaltered form.</span>