Tzafrir Cohen
2012-May-30 14:36 UTC
[Secure-testing-team] Bug#675210: asterisk: AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
Package: asterisk
Version: 1:1.8.11.1~dfsg-1
Severity: grave
Tags: upstream patch security
Justification: user security hole

When a skinny session is unregistered, the corresponding device pointer is set to NULL in the channel private data. If the client was not in the on-hook state at the time the connection was closed, the device pointer can later be dereferenced if a message or channel event attempts to use a line's pointer to said device. The patches prevent this from occurring by checking the line's pointer in message handlers and channel callbacks that can fire after an unregistration attempt.

Exploiting this requires an established Skinny session, which implies a configured Skinny (SCCP) device. If you have no idea what this means, you don't have one.

For Wheezy and Sid, 1.8.12.2 is to be used. For Squeeze, Upstream's patch has been adapted and is included in the pkg-voip SVN.

-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
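The failure mode and the fix pattern described in the report above, as an added example that is not part of the original message and is not Asterisk's code. The structures and function names (`struct line`, `struct device`, `unregister_session`, `indicate_unchecked`, `indicate_checked`) are hypothetical simplifications, not chan_skinny's real definitions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model; these are NOT chan_skinny's real structures. */
enum hook_state { ONHOOK, OFFHOOK };

struct device { int registered; int messages_sent; };

struct line {
    struct device *device;   /* set to NULL when the session is unregistered */
    enum hook_state hook;
};

/* Session teardown: the device pointer is cleared even if a call is still up. */
void unregister_session(struct line *l)
{
    if (l->device)
        l->device->registered = 0;
    l->device = NULL;
}

/* "Before" pattern: a late channel callback dereferences l->device blindly.
 * Calling this after unregister_session() is a NULL dereference (crash). */
int indicate_unchecked(struct line *l)
{
    l->device->messages_sent++;
    return 0;
}

/* "After" pattern: check the line's device pointer and bail out cleanly. */
int indicate_checked(struct line *l)
{
    if (!l || !l->device)
        return -1;           /* device already gone: drop the event */
    l->device->messages_sent++;
    return 0;
}

int main(void)
{
    struct device d = { 1, 0 };
    struct line l = { &d, OFFHOOK };   /* constructed state: call in progress */

    printf("before unregister: %d\n", indicate_checked(&l));
    unregister_session(&l);            /* connection closed while off-hook */
    printf("after unregister:  %d\n", indicate_checked(&l));
    return 0;
}
```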