Asterisk Security Team
2012-Jun-14 20:06 UTC
[asterisk-announce] AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen, TELUS Security Labs Posted On June 14, 2012 Last Updated On June 14, 2012 Advisory Contact Matt Jordan < mjordan AT digium DOT com > CVE Name CVE-2012-3553 Description AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server. Resolution The presence of a device for a line is now checked in the appropriate channel callbacks, preventing the crash. Affected Versions Product Release Series Asterisk Open Source 10.x All Versions Corrected In Product Release Asterisk Open Source 10.5.1 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2012-009-10.diff v10 Links https://issues.asterisk.org/jira/browse/ASTERISK-19905 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2012-009.pdf and http://downloads.digium.com/pub/security/AST-2012-009.html Revision History Date Editor Revisions Made 06/14/2012 Matt Jordan Initial Release Asterisk Project Security Advisory - AST-2012-009 Copyright (c) 2012 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.