<p>Psc</p>
<div class="gmail_quote">Em 02/01/2013 19:24, &quot;Asterisk Security Team&quot; &lt;<a href="mailto:security@asterisk.org">security@asterisk.org</a>&gt; escreveu:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
               Asterisk Project Security Advisory - AST-2012-014<br>
<br>
         Product        Asterisk<br>
         Summary        Crashes due to large stack allocations when using<br>
                        TCP<br>
    Nature of Advisory  Stack Overflow<br>
      Susceptibility    Remote Unauthenticated Sessions (SIP)<br>
<br>
                        Remote Authenticated Sessions (XMPP, HTTP)<br>
         Severity       Critical<br>
      Exploits Known    No<br>
       Reported On      7 November, 2012<br>
       Reported By      Walter Doekes<br>
        Posted On       2 January, 2013<br>
     Last Updated On    January 2, 2013<br>
     Advisory Contact   Mark Michelson &lt;mmichelson AT digium DOT com&gt;<br>
         CVE Name       CVE-2012-5976<br>
<br>
    Description  Asterisk has several places where messages received over<br>
                 various network transports may be copied in a single stack<br>
                 allocation. In the case of TCP, since multiple packets in a<br>
                 stream may be concatenated together, this can lead to large<br>
                 allocations that overflow the stack.<br>
<br>
                 In the case of SIP, it is possible to do this before a<br>
                 session is established. Keep in mind that SIP over UDP is<br>
                 not affected by this vulnerability.<br>
<br>
                 With HTTP and XMPP, a session must first be established<br>
                 before the vulnerability may be exploited. The XMPP<br>
                 vulnerability exists both in the res_jabber.so module in<br>
                 Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module<br>
                 in Asterisk 11.<br>
<br>
    Resolution  Stack allocations when using TCP have either been eliminated<br>
                in favor of heap allocations or have had an upper bound<br>
                placed on them to ensure that the stack will not overflow.<br>
<br>
                For SIP, the allocation now has an upper limit.<br>
<br>
                For HTTP, the allocation is now a heap allocation instead of<br>
                a stack allocation.<br>
<br>
                For XMPP, the allocation has been eliminated since it was<br>
                unnecessary.<br>
<br>
                               Affected Versions<br>
            Product           Release Series<br>
     Asterisk Open Source          1.8.x        All versions<br>
     Asterisk Open Source          10.x         All versions<br>
     Asterisk Open Source          11.x         All versions<br>
      Certified Asterisk          1.8.11        SIP: unaffected<br>
<br>
                                                HTTP and XMPP: All versions<br>
     Asterisk Digiumphones   10.x-digiumphones  All versions<br>
<br>
                                  Corrected In<br>
                 Product                              Release<br>
          Asterisk Open Source               1.8.19.1, 10.11.1, 11.1.1<br>
           Certified Asterisk                      1.8.11-cert10<br>
          Asterisk Digiumphones                10.11.1-digiumphones<br>
<br>
                                    Patches<br>
                               SVN URL                              Revision<br>
   <a href="http://downloads.asterisk.org/pub/security/AST-2012-014-1.8.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2012-014-1.8.diff</a> Asterisk<br>
                                                                    1.8<br>
   <a href="http://downloads.asterisk.org/pub/security/AST-2012-014-10.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2012-014-10.diff</a>  Asterisk<br>
                                                                    10<br>
   <a href="http://downloads.asterisk.org/pub/security/AST-2012-014-11.diff" target="_blank">http://downloads.asterisk.org/pub/security/AST-2012-014-11.diff</a>  Asterisk<br>
                                                                    11<br>
<br>
       Links     <a href="https://issues.asterisk.org/jira/browse/ASTERISK-20658" target="_blank">https://issues.asterisk.org/jira/browse/ASTERISK-20658</a><br>
<br>
    Asterisk Project Security Advisories are posted at<br>
    <a href="http://www.asterisk.org/security" target="_blank">http://www.asterisk.org/security</a><br>
<br>
    This document may be superseded by later versions; if so, the latest<br>
    version will be posted at<br>
    <a href="http://downloads.digium.com/pub/security/AST-2012-014.pdf" target="_blank">http://downloads.digium.com/pub/security/AST-2012-014.pdf</a> and<br>
    <a href="http://downloads.digium.com/pub/security/AST-2012-014.html" target="_blank">http://downloads.digium.com/pub/security/AST-2012-014.html</a><br>
<br>
                                Revision History<br>
          Date              Editor                 Revisions Made<br>
    19 November, 2012  Mark Michelson    Initial Draft<br>
    02 January, 2013   Matt Jordan       Removed ABE from affected products<br>
<br>
               Asterisk Project Security Advisory - AST-2012-014<br>
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.<br>
  Permission is hereby granted to distribute and publish this advisory in its<br>
                           original, unaltered form.<br>
<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
   <a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</blockquote></div>