<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Asterisk Security Team</b> <span dir="ltr"><<a href="mailto:security@asterisk.org">security@asterisk.org</a>></span><br>Date: 2016-02-03 23:59 GMT-02:00<br>Subject: [asterisk-dev] AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.<br>To: <a href="mailto:asterisk-dev@lists.digium.com">asterisk-dev@lists.digium.com</a><br><br><br>Â Â Â Â Â Â Â Â Asterisk Project Security Advisory - AST-2016-003<br>
<br>
     Product    Asterisk<br>
     Summary    Remote crash vulnerability when receiving UDPTL FAX<br>
            data.<br>
  Nature of Advisory Denial of Service<br>
   Susceptibility  Remote Authenticated Sessions<br>
     Severity    Minor<br>
   Exploits Known  Yes<br>
    Reported On   December 2, 2015<br>
    Reported By   Walter Dokes, Torrey Searle<br>
    Posted On    February 3, 2016<br>
   Last Updated On  February 3, 2016<br>
   Advisory Contact  Richard Mudgett <rmudgett AT digium DOT com><br>
     CVE Name    Pending<br>
<br>
  Description If no UDPTL packets are lost there is no problem. However,<br>
         a lost packet causes Asterisk to use the available error<br>
         correcting redundancy packets. If those redundancy packets<br>
         have zero length then Asterisk uses an uninitialized buffer<br>
         pointer and length value which can cause invalid memory<br>
         accesses later when the packet is copied.<br>
<br>
  Resolution Upgrade to a released version with the fix incorporated or<br>
        apply patch.<br>
<br>
                Affected Versions<br>
             Product            Release<br>
                            Series<br>
         Asterisk Open Source         1.8.x  All versions<br>
         Asterisk Open Source         11.x  All versions<br>
         Asterisk Open Source         12.x  All versions<br>
         Asterisk Open Source         13.x  All versions<br>
          Certified Asterisk         1.8.28  All versions<br>
          Certified Asterisk          11.6  All versions<br>
          Certified Asterisk          13.1  All versions<br>
<br>
                 Corrected In<br>
     Product               Release<br>
  Asterisk Open Source          11.21.1, 13.7.1<br>
   Certified Asterisk        11.6-cert12, 13.1-cert3<br>
<br>
                   Patches<br>
                 SVN URL                Revision<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-1.8.28.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-1.8.28.diff</a> Certified<br>
                                    Asterisk<br>
                                    1.8.28<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-11.6.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-11.6.diff</a>  Certified<br>
                                    Asterisk<br>
                                    11.6<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-13.1.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-13.1.diff</a>  Certified<br>
                                    Asterisk<br>
                                    13.1<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-1.8.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-1.8.diff</a>  Asterisk<br>
                                    1.8<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-11.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-11.diff</a>   Asterisk<br>
                                    11<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-12.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-12.diff</a>   Asterisk<br>
                                    12<br>
  <a href="http://downloads.asterisk.org/pub/security/AST-2016-003-13.diff" rel="noreferrer" target="_blank">http://downloads.asterisk.org/pub/security/AST-2016-003-13.diff</a>   Asterisk<br>
                                    13<br>
<br>
  Links <a href="https://issues.asterisk.org/jira/browse/ASTERISK-25603" rel="noreferrer" target="_blank">https://issues.asterisk.org/jira/browse/ASTERISK-25603</a><br>
<br>
  Asterisk Project Security Advisories are posted at<br>
  <a href="http://www.asterisk.org/security" rel="noreferrer" target="_blank">http://www.asterisk.org/security</a><br>
<br>
  This document may be superseded by later versions; if so, the latest<br>
  version will be posted at<br>
  <a href="http://downloads.digium.com/pub/security/AST-2016-003.pdf" rel="noreferrer" target="_blank">http://downloads.digium.com/pub/security/AST-2016-003.pdf</a> and<br>
  <a href="http://downloads.digium.com/pub/security/AST-2016-003.html" rel="noreferrer" target="_blank">http://downloads.digium.com/pub/security/AST-2016-003.html</a><br>
<br>
                Revision History<br>
     Date      Editor         Revisions Made<br>
  December 7, 2015 Richard Mudgett Initial document created<br>
<br>
        Asterisk Project Security Advisory - AST-2016-003<br>
       Copyright (c) 2015 Digium, Inc. All Rights Reserved.<br>
 Permission is hereby granted to distribute and publish this advisory in its<br>
              original, unaltered form.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" rel="noreferrer" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
  <a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" rel="noreferrer" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</font></span></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><span style="font-family:trebuchet ms,sans-serif">Sylvio Jollenbeck</span><div><span style="font-family:trebuchet ms,sans-serif">skype: sylvio.jollenbeck<br><font size="1"><a href="http://www.hosannatecnologia.com.br/" target="_blank">www.hosannatecnologia.com.br</a></font></span><br><img src="http://www.hosannatecnologia.com.br/pixel.fw.png"><br></div></div></div>
</div>