Asterisk Security Team
2018-Feb-21 21:57 UTC
[asterisk-announce] AST-2018-003: Crash with an invalid SDP fmtp attribute
Asterisk Project Security Advisory - AST-2018-003

Product:             Asterisk
Summary:             Crash with an invalid SDP fmtp attribute
Nature of Advisory:  Remote crash
Susceptibility:      Remote Authenticated Sessions
Severity:            Minor
Exploits Known:      No
Reported On:         January 15, 2018
Reported By:         Sandro Gauci
Posted On:           February 21, 2018
Last Updated On:     February 19, 2018
Advisory Contact:    Kevin Harwell <kharwell AT digium DOT com>
CVE Name:

Description
  By crafting an SDP message body with an invalid fmtp attribute, an attacker can crash Asterisk when it uses the pjsip channel driver, because pjproject's fmtp retrieval function does not check whether the fmtp value is empty (the value is set empty if it was previously parsed as invalid).

  The severity of this vulnerability is lessened because an endpoint must be authenticated before it can reach the crash point, unless the endpoint is configured with no authentication.

Resolution
  A stricter check is now done when pjproject retrieves the fmtp attribute. Empty values are now properly handled.

Affected Versions
  Product                  Release Series
  Asterisk Open Source     13.x             All Releases
  Asterisk Open Source     14.x             All Releases
  Asterisk Open Source     15.x             All Releases
  Certified Asterisk       13.18            All Releases

Corrected In
  Product                  Release
  Asterisk Open Source     13.19.2, 14.7.6, 15.2.2
  Certified Asterisk       13.18-cert3

Patches
  SVN URL                                                              Revision
  http://downloads.asterisk.org/pub/security/AST-2018-003-13.diff      Asterisk 13
  http://downloads.asterisk.org/pub/security/AST-2018-003-14.diff      Asterisk 14
  http://downloads.asterisk.org/pub/security/AST-2018-003-15.diff      Asterisk 15
  http://downloads.asterisk.org/pub/security/AST-2018-003-13.18.diff   Certified Asterisk 13.18

Links
  https://issues.asterisk.org/jira/browse/ASTERISK-27583

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2018-003.pdf and http://downloads.digium.com/pub/security/AST-2018-003.html

Revision History
  Date                Editor           Revisions Made
  January 30, 2018    Kevin Harwell    Initial Revision

Copyright (c) 2018 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
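The following C program is an added illustration of the bug class the advisory describes; it is not code from the advisory, Asterisk or pjproject, and every type and function name in it is invented. A simplified parser keeps an "a=fmtp:" attribute with an empty value when the line carries nothing after the colon, the unchecked getter then hands that empty value (a NULL pointer) to strtol, and the hardened getter rejects the empty value before scanning it, which is the check the advisory says the fix adds. The example goes slightly beyond the advisory by also rejecting a non-numeric payload type.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of how an SDP "a=fmtp:" attribute is
 * stored and later retrieved. Invented for this example; not pjproject's
 * or Asterisk's data structures. */
typedef struct {
    const char *ptr;   /* NULL when the attribute was parsed as invalid */
    size_t len;        /* 0 when empty */
} sdp_str;

typedef struct {
    sdp_str value;     /* text after "a=fmtp:", e.g. "96 apt=97" */
} sdp_attr;

typedef struct {
    int payload_type;  /* e.g. 96 */
    char params[64];   /* e.g. "apt=97" */
} sdp_fmtp;

enum { FMTP_OK = 0, FMTP_EINVAL = -1 };

/* Parse one SDP attribute line. A malformed fmtp line (nothing after the
 * colon) is not dropped; the attribute is kept with an empty value, which
 * mirrors the "set empty if previously parsed as invalid" behaviour. */
void parse_attr_line(const char *line, sdp_attr *attr)
{
    static const char prefix[] = "a=fmtp:";
    attr->value.ptr = NULL;
    attr->value.len = 0;
    if (strncmp(line, prefix, sizeof prefix - 1) != 0)
        return;                              /* not an fmtp attribute */
    const char *v = line + sizeof prefix - 1;
    while (*v == ' ')
        v++;
    if (*v == '\0' || *v == '\r' || *v == '\n')
        return;                              /* invalid: leave value empty */
    attr->value.ptr = v;
    attr->value.len = strcspn(v, "\r\n");    /* value ends at end of line */
}

/* Scan "<payload type> <params>" from a value already known to be non-empty. */
static int scan_fmtp(sdp_str v, sdp_fmtp *out)
{
    char *end;
    long pt = strtol(v.ptr, &end, 10);       /* crashes here if v.ptr is NULL */
    if (end == v.ptr || pt < 0 || pt > 127)
        return FMTP_EINVAL;                  /* no or out-of-range payload type */
    size_t used = (size_t)(end - v.ptr);
    while (used < v.len && v.ptr[used] == ' ')
        used++;
    size_t n = v.len - used;
    if (n >= sizeof out->params)
        n = sizeof out->params - 1;
    memcpy(out->params, v.ptr + used, n);
    out->params[n] = '\0';
    out->payload_type = (int)pt;
    return FMTP_OK;
}

/* Unchecked retrieval: trusts that value.ptr is valid. On an attribute whose
 * value was left empty this dereferences NULL. Shown only for contrast;
 * never call it on an attribute built from untrusted input. */
int get_fmtp_unchecked(const sdp_attr *attr, sdp_fmtp *out)
{
    return scan_fmtp(attr->value, out);
}

/* Hardened retrieval: refuse an empty value before scanning it. */
int get_fmtp_checked(const sdp_attr *attr, sdp_fmtp *out)
{
    if (attr->value.ptr == NULL || attr->value.len == 0)
        return FMTP_EINVAL;
    return scan_fmtp(attr->value, out);
}

int main(void)
{
    /* Constructed sample lines: one well-formed, one with no fmtp value. */
    const char *good = "a=fmtp:96 apt=97\r\n";
    const char *bad  = "a=fmtp:\r\n";
    sdp_attr a;
    sdp_fmtp f;

    parse_attr_line(good, &a);
    printf("good: rc=%d pt=%d params=\"%s\"\n",
           get_fmtp_unchecked(&a, &f), f.payload_type, f.params);

    parse_attr_line(bad, &a);
    printf("bad:  rc=%d (rejected instead of dereferencing NULL)\n",
           get_fmtp_checked(&a, &f));
    return 0;
}
```

The point of the pair is that the parser and the getter disagree about what an "invalid" attribute looks like: the parser records the failure by emptying the value, but the unchecked getter treats every stored attribute as well-formed. The fix belongs in the getter, because the attribute list is built from remote input long before any code asks for the fmtp parameters.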
Apparently Analogous Threads
- AST-2018-002: Crash when given an invalid SDP media format description
- Asterisk 13.19.2, 14.7.6, 15.2.2 and 13.18-cert3 Now Available (Security)
- AST-2018-004: Crash when receiving SUBSCRIBE request
- AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
- AST-2017-014: Crash in PJSIP resource when missing a contact header