Asterisk Security Team
2009-Mar-10 17:38 UTC
[asterisk-users] AST-2009-002: Remote Crash Vulnerability in SIP channel driver
Asterisk Project Security Advisory - AST-2009-002
+------------------------------------------------------------------------+
| Product | Asterisk |
|---------------------+--------------------------------------------------|
| Summary | Remote Crash Vulnerability in SIP channel driver |
|---------------------+--------------------------------------------------|
| Nature of Advisory | Denial of Service |
|---------------------+--------------------------------------------------|
| Susceptibility | Remote Authenticated Sessions |
|---------------------+--------------------------------------------------|
| Severity | Moderate |
|---------------------+--------------------------------------------------|
| Exploits Known | No |
|---------------------+--------------------------------------------------|
| Reported On | February 6, 2009 |
|---------------------+--------------------------------------------------|
| Reported By | bugs.digium.com user klaus3000 |
|---------------------+--------------------------------------------------|
| Posted On | March 10, 2009 |
|---------------------+--------------------------------------------------|
| Last Updated On | March 10, 2009 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Joshua Colp <jcolp at digium.com>
|
|---------------------+--------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | When configured with pedantic=yes the SIP channel driver |
| | performs extra request URI checking on an INVITE |
| | received as a result of a SIP spiral. As part of this |
| | extra checking the headers from the outgoing SIP INVITE |
| | sent and the received SIP INVITE are compared. The code |
| | incorrectly assumes that the string for each header |
| | passed in will be non-NULL in all cases. This is |
| | incorrect because if no headers are present the value |
| | passed in will be NULL. |
| | |
| | The values passed into the code are now checked to be |
| | non-NULL before being compared. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to revision 174082 of the 1.4 branch, 174085 of |
| | the 1.6.0 branch, 174086 of the 1.6.1 branch, or one of |
| | the releases noted below. |
| | |
| | The pedantic option in the SIP channel driver can also be |
| | turned off to prevent this issue from occurring. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.4.x | Versions 1.4.22, 1.4.23, |
| | | 1.4.23.1 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.0.x | All versions prior to 1.6.0.6 |
|----------------------------+---------+---------------------------------|
| Asterisk Open Source | 1.6.1.x | All versions prior to |
| | | 1.6.1.0-rc2 |
|----------------------------+---------+---------------------------------|
| Asterisk Addons | 1.2.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Addons | 1.4.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Addons | 1.6.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Business Edition | A.x.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Business Edition | B.x.x | Not affected |
|----------------------------+---------+---------------------------------|
| Asterisk Business Edition | C.x.x | Only version C.2.3 |
|----------------------------+---------+---------------------------------|
| s800i (Asterisk Appliance) | 1.2.x | Not affected |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|-------------------------------------------+----------------------------|
| Asterisk Open Source | 1.4.23.2 |
|-------------------------------------------+----------------------------|
| Asterisk Open Source | 1.6.0.6 |
|-------------------------------------------+----------------------------|
| Asterisk Open Source | 1.6.1.0-rc2 |
|-------------------------------------------+----------------------------|
| Asterisk Business Edition | C.2.3.2 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.digium.com/pub/security/AST-2009-002-1.4.diff |1.4 |
|-----------------------------------------------------------------+------|
|http://downloads.digium.com/pub/security/AST-2009-002-1.6.0.diff |1.6.0 |
|-----------------------------------------------------------------+------|
|http://downloads.digium.com/pub/security/AST-2009-002-1.6.1.diff |1.6.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id=14417 |
| | |
| | http://bugs.digium.com/view.php?id=13547 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2009-002.pdf and |
| http://downloads.digium.com/pub/security/AST-2009-002.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|------------------+--------------------+--------------------------------|
| 2009-03-10 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2009-002
Copyright (c) 2009 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.