Posted: Tue Aug 07, 2007 10:12 pm Post subject: [asterisk-announce] ASA-2007-019: Remote crash vulnerability
Asterisk Project Security Advisory - ASA-2007-019
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Remote crash vulnerability in Skinny channel |
| | driver |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Denial of Service |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote Authenticated Sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| Reported On | August 7, 2007 |
|--------------------+---------------------------------------------------|
| Reported By | Wei Wang of McAfee AVERT Labs |
|--------------------+---------------------------------------------------|
| Posted On | August 7, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | August 7, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Jason Parker <jparker@digium.com> |
|--------------------+---------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | The Asterisk Skinny channel driver, chan_skinny, has a |
| | remotely exploitable crash vulnerability. A segfault can |
| | occur when Asterisk receives a |
| | "CAPABILITIES_RES_MESSAGE" packet where the capabilities |
| | count is greater than the total number of items in the |
| | capabilities_res_message array. Note that this requires |
| | an authenticated session. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Asterisk code has been modified to limit the incoming |
| | capabilities count. |
| | |
| | Users with configured Skinny devices should upgrade to |
| | the appropriate version listed in the corrected in |
| | section of this advisory. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release | |
| | Series | |
|----------------------------------+-------------+-----------------------|
| Asterisk Open Source | 1.0.x | Not affected |
|----------------------------------+-------------+-----------------------|
| Asterisk Open Source | 1.2.x | Not affected |
|----------------------------------+-------------+-----------------------|
| Asterisk Open Source | 1.4.x | All versions prior to |
| | | 1.4.10 |
|----------------------------------+-------------+-----------------------|
| Asterisk Business Edition | A.x.x | Not affected |
|----------------------------------+-------------+-----------------------|
| Asterisk Business Edition | B.x.x | Not affected |
|----------------------------------+-------------+-----------------------|
| AsteriskNOW | pre-release | All versions prior to |
| | | beta7 |
|----------------------------------+-------------+-----------------------|
| Asterisk Appliance Developer Kit | 0.x.x | All versions prior to |
| | | 0.7.0 |
|----------------------------------+-------------+-----------------------|
| s800i (Asterisk Appliance) | 1.0.x | All versions prior to |
| | | 1.0.3 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|---------------+--------------------------------------------------------|
| Asterisk Open | 1.4.10, available from |
| Source | http://downloads.digium.com/pub/telephony/asterisk |
|---------------+--------------------------------------------------------|
| AsteriskNOW | Beta7, available from http://www.asterisknow.org/. |
| | Beta5 and Beta6 users can update using the system |
| | update feature in the appliance control panel. |
|---------------+--------------------------------------------------------|
| Asterisk | 0.7.0, available from |
| Appliance | http://downloads.digium.com/pub/telephony/aadk |
| Developer Kit | |
|---------------+--------------------------------------------------------|
| s800i | 1.0.3 |
| (Asterisk | |
| Appliance) | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|--------------------+------------------------+--------------------------|
| August 7, 2007 | jparker@digium.com | Initial Release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - ASA-2007-019
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum