<div dir="ltr">PSC<br><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Asterisk Security Team</b> <span dir="ltr">&lt;<a href="mailto:security@asterisk.org">security@asterisk.org</a>&gt;</span><br>
Date: 2013/3/27<br>Subject: [asterisk-dev] AST-2013-001: Buffer Overflow Exploit Through SIP SDP Header<br>To: <a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a><br><br><br>               Asterisk Project Security Advisory - AST-2013-001<br>

<br>
          Product         Asterisk<br>
          Summary         Buffer Overflow Exploit Through SIP SDP Header<br>
     Nature of Advisory   Exploitable Stack Buffer Overflow<br>
       Susceptibility     Remote Unauthenticated Sessions<br>
          Severity        Major<br>
       Exploits Known     No<br>
        Reported On       6 January, 2013<br>
         Reported By       Ulf Härnhammar<br>
         Posted On        27 March, 2013<br>
      Last Updated On     March 27, 2013<br>
      Advisory Contact    Jonathan Rose &lt;jrose AT digium DOT com&gt;<br>
          CVE Name        CVE-2013-2685<br>
<br>
    Description  The h264 format attribute resource performs an unsafe read of<br>
                 a media attribute when parsing the SDP. The vulnerable<br>
                 parameter can arrive as a string of arbitrary length, and<br>
                 Asterisk reads it into fixed-size buffers without limiting<br>
                 the number of characters read. A malformed message could<br>
                 therefore allow an attacker to execute arbitrary code<br>
                 remotely.<br>
<br>
    Resolution  Attempts to read string data into the buffers noted are now<br>
                explicitly limited by the size of the buffers.<br>
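    The bug class and its fix, as an added illustration that is not Asterisk's code: a constructed parser for an h264 "a=fmtp:" SDP line that bounds each sscanf conversion by the destination buffer (buffer sizes, the sprop-parameter-sets handling and the sample lines are assumptions for this example).<br>

```c
#include <stdio.h>
#include <string.h>

#define H264_SPROP_MAX   64   /* constructed buffer size, including the NUL */
#define H264_SPROP_WIDTH 63   /* H264_SPROP_MAX - 1: most characters sscanf may store */
#define STR_(x) #x
#define STR(x)  STR_(x)       /* embeds the width as "63" in the format string */

struct h264_fmtp {
    unsigned profile_level_id;
    char sprop[H264_SPROP_MAX];   /* fixed-size destination for sprop-parameter-sets */
    int truncated;                /* set when the peer's value did not fit */
};

/* Parse the parameter list of an "a=fmtp:<pt> ..." SDP line for h264. The bug
 * class in the advisory is a bare "%s" conversion here, which stores as many
 * characters as the remote party sends; the width below caps the store at
 * H264_SPROP_WIDTH characters plus the NUL. Returns 0, or -1 if not an fmtp line. */
int parse_h264_fmtp(const char *line, struct h264_fmtp *out)
{
    const char *p;
    memset(out, 0, sizeof(*out));
    p = strncmp(line, "a=fmtp:", 7) ? NULL : strchr(line + 7, ' ');   /* skip "a=fmtp:<pt>" */
    if (!p) return -1;
    for (p++; *p; ) {
        int n = -1;   /* characters consumed by a successful sscanf */
        if (sscanf(p, "profile-level-id=%6x%n", &out->profile_level_id, &n) == 1) {
            p += n;
        } else if (sscanf(p, "sprop-parameter-sets=%" STR(H264_SPROP_WIDTH) "[^;]%n",
                          out->sprop, &n) == 1) {
            p += n;
            if (*p && *p != ';')          /* value continues past the width: it did not fit */
                out->truncated = 1;
        }
        while (*p && *p != ';') p++;      /* drop the remainder / an unknown parameter */
        if (*p == ';') p++;
    }
    return 0;
}

/* Feed a value of value_len 'A's; returns 1 when the parser contained it, i.e.
 * the buffer holds exactly H264_SPROP_WIDTH characters and truncation was flagged. */
int overlong_sprop_contained(size_t value_len)
{
    char line[4096] = "a=fmtp:99 sprop-parameter-sets=";   /* rest of the array is zero-filled */
    struct h264_fmtp f;
    if (value_len > 4000) return 0;
    memset(line + strlen(line), 'A', value_len);
    return parse_h264_fmtp(line, &f) == 0 && f.truncated && strlen(f.sprop) == H264_SPROP_WIDTH;
}
```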
<br>
                               Affected Versions<br>
                Product              Release Series<br>
         Asterisk Open Source             11.x       All Versions<br>
<br>
                                  Corrected In<br>
                     Product                              Release<br>
               Asterisk Open Source                        11.2.2<br>
<br>
                                    Patches<br>
                               SVN URL                              Revision<br>
   <a href="Http://downloads.asterisk.org/pub/security/AST-2013-001-11.diff" target="_blank">Http://downloads.asterisk.org/pub/security/AST-2013-001-11.diff</a> Asterisk 11<br>
<br>
       Links     <a href="https://issues.asterisk.org/jira/browse/ASTERISK-20901" target="_blank">https://issues.asterisk.org/jira/browse/ASTERISK-20901</a><br>
<br>
    Asterisk Project Security Advisories are posted at<br>
    <a href="http://www.asterisk.org/security" target="_blank">http://www.asterisk.org/security</a><br>
<br>
    This document may be superseded by later versions; if so, the latest<br>
    version will be posted at<br>
    <a href="http://downloads.digium.com/pub/security/AST-2013-001.pdf" target="_blank">http://downloads.digium.com/pub/security/AST-2013-001.pdf</a> and<br>
    <a href="http://downloads.digium.com/pub/security/AST-2013-001.html" target="_blank">http://downloads.digium.com/pub/security/AST-2013-001.html</a><br>
<br>
                                Revision History<br>
            Date                  Editor               Revisions Made<br>
    February 11, 2013      Jonathan Rose         Initial Draft<br>
    March 27, 2013         Matt Jordan           CVE Added<br>
<br>
               Asterisk Project Security Advisory - AST-2013-001<br>
              Copyright (c) 2013 Digium, Inc. All Rights Reserved.<br>
  Permission is hereby granted to distribute and publish this advisory in its<br>
                           original, unaltered form.<br>
<br>
<br>
</div><br><br clear="all"><br>-- <br><span style="font-family:trebuchet ms,sans-serif">Sylvio Jollenbeck<br><font size="1"><a href="http://www.hosannatecnologia.com.br/" target="_blank">www.hosannatecnologia.com.br</a></font></span><br>
</div></div>