Asterisk Security Team
2018-Feb-21 21:57 UTC
[asterisk-announce] AST-2018-006: WebSocket frames with 0 sized payload causes DoS
Asterisk Project Security Advisory - AST-2018-006 Product Asterisk Summary WebSocket frames with 0 sized payload causes DoS Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate Exploits Known No Reported On February 05, 2018 Reported By Sean Bright Posted On February 21, 2018 Last Updated On February 21, 2018 Advisory Contact bford AT digium DOT com CVE Name CVE-2018-7287 Description When reading a websocket, the length was not being checked. If a payload of length 0 was read, it would result in a busy loop that waited for the underlying connection to close. Resolution A patch to asterisk is available that checks for payloads of size 0 before attempting to read them. By default, Asterisk does not enable the HTTP server, which means it is not vulnerable to this problem. If the HTTP server is enabled, you can disable it if you do not need it. Otherwise, the patch provided with this security vulnerability can be applied. Either of these approaches will resolve the problem. Affected Versions Product Release Series Asterisk Open Source 15.x All versions Corrected In Product Release Asterisk Open Source 15.2.2 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2018-006-15.diff Asterisk 15 Links https://issues.asterisk.org/jira/browse/ASTERISK-27658 http://downloads.asterisk.org/pub/security/AST-2018-006.html Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2018-006.pdf and http://downloads.digium.com/pub/security/AST-2018-006.html Revision History Date Editor Revisions Made February 15, 2018 Ben Ford Initial Revision February 21, 2018 Ben Ford Added CVE Name Asterisk Project Security Advisory - AST-2018-006 Copyright ?? 2018 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Possibly Parallel Threads
- AST-2019-006: SIP request can change address of a SIP peer.
- AST-2014-019: Remote Crash Vulnerability in WebSocket Server
- AST-2014-019: Remote Crash Vulnerability in WebSocket Server
- AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
- AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade