thr3ads.net - Secure testing team - [Secure-testing-team] Bug#631446: asterisk: AST-2011-008 (CVE-2011-2529) - remote unauthenticated (null character) [Jun 2011]

If this information is useful, please help other people find it:
Share via:

Tzafrir Cohen

2011-Jun-23 22:41 UTC

[Secure-testing-team] Bug#631446: asterisk: AST-2011-008 (CVE-2011-2529) - remote unauthenticated (null character)

Package: asterisk
Version: 1:1.8.4.2-1
Severity: grave
Tags: security upstream patch
Justification: user security hole

If a remote user sends a SIP packet containing a null, Asterisk assumes
available data extends past the null to the end of the packet when the
buffer is actually truncated when copied.  This causes SIP header
parsing to modify data past the end of the buffer altering unrelated
memory structures.  This vulnerability does not affect TCP/TLS
connections.

Issue applies to the versions in Squeeze and Wheezy/Sid, but not to
Asterisk version 1.4 in Lenny.

For more information, see 
http://downloads.asterisk.org/pub/security/AST-2011-008.html
(for patches as well)

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, ''testing''), (1,
''experimental'')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages asterisk depends on:
ii  adduser             3.112+nmu2           add and remove users and groups
ii  asterisk-config     1:1.8.4.2-1          Configuration files for Asterisk
ii  asterisk-modules    1:1.8.4.2-1          loadable modules for the Asterisk 
ii  asterisk-sounds-mai 1:1.6.2.9-2+squeeze1 Core Sound files for Asterisk (Eng
ii  libc6               2.13-4               Embedded GNU C Library: Shared lib
ii  libcap2             1:2.21-1             support for getting/setting POSIX.
ii  libgcc1             1:4.6.0-10           GCC support library
ii  libncurses5         5.9-1                shared libraries for terminal hand
ii  libssl1.0.0         1.0.0d-2             SSL shared libraries
ii  libstdc++6          4.6.0-10             The GNU Standard C++ Library v3
ii  libxml2             2.7.8.dfsg-3         GNOME XML library

Versions of packages asterisk recommends:
ii  asterisk-moh-opsound-gsm     2.03-1      asterisk extra sound files - Engli
ii  asterisk-voicemail           1:1.8.4.2-1 simple voicemail support for the A
ii  sox                          14.3.2-1    Swiss army knife of sound processi

Versions of packages asterisk suggests:
pn  asterisk-dahdi               <none>      (no description available)
ii  asterisk-dev                 1:1.8.4.2-1 Development files for Asterisk
ii  asterisk-doc                 1:1.8.4.2-1 Source code documentation for Aste
pn  asterisk-ooh323              <none>      (no description available)

-- no debconf information

Secure testing team - Jun 2011 - Bug#631446: asterisk: AST-2011-008 (CVE-2011-2529) - remote unauthenticated (null character)

[Secure-testing-team] Bug#631446: asterisk: AST-2011-008 (CVE-2011-2529) - remote unauthenticated (null character)