Asterisk Project Security Advisory - ASA-2007-019
+------------------------------------------------------------------------+
| Product            | Asterisk                                          |
|--------------------+---------------------------------------------------|
| Summary            | Remote crash vulnerability in Skinny channel      |
|                    | driver                                            |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Denial of Service                                 |
|--------------------+---------------------------------------------------|
| Susceptibility     | Remote Authenticated Sessions                     |
|--------------------+---------------------------------------------------|
| Severity           | Moderate                                          |
|--------------------+---------------------------------------------------|
| Exploits Known     | No                                                |
|--------------------+---------------------------------------------------|
| Reported On        | August 7, 2007                                    |
|--------------------+---------------------------------------------------|
| Reported By        | Wei Wang of McAfee AVERT Labs                     |
|--------------------+---------------------------------------------------|
| Posted On          | August 7, 2007                                    |
|--------------------+---------------------------------------------------|
| Last Updated On    | August 7, 2007                                    |
|--------------------+---------------------------------------------------|
| Advisory Contact   | Jason Parker <[email protected]>                 |
|--------------------+---------------------------------------------------|
| CVE Name           |                                                   |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | The Asterisk Skinny channel driver, chan_skinny, has a   |
|             | remotely exploitable crash vulnerability. A segfault can |
|             | occur when Asterisk receives a                           |
|             | "CAPABILITIES_RES_MESSAGE" packet where the capabilities |
|             | count is greater than the total number of items in the   |
|             | capabilities_res_message array. Note that this requires  |
|             | an authenticated session.                                |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution  | Asterisk code has been modified to limit the incoming    |
|             | capabilities count.                                      |
|             |                                                          |
|             | Users with configured Skinny devices should upgrade to   |
|             | the appropriate version listed in the "Corrected In"     |
|             | section of this advisory.                                |
+------------------------------------------------------------------------+
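The Description and Resolution above amount to a length field taken from the wire being trusted as a loop bound. The following is an added illustration, not code from Asterisk or chan_skinny: a hypothetical message layout (struct and field names, and the limit of 18 entries, are assumptions) with a handler that applies the advisory's fix of limiting the incoming count to the array size, plus a constructed sample message to exercise it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical layout standing in for the capabilities response message:
 * a 32-bit count followed by a fixed-size array of entries. Names and the
 * limit of 18 are assumptions made for this example. */
#define MAX_CAPS 18

struct cap_entry {
    uint32_t codec;
    uint32_t max_frames;
};

struct caps_res_msg {
    uint32_t count;                  /* peer-controlled field read from the wire */
    struct cap_entry caps[MAX_CAPS]; /* fixed storage; nothing exists past it */
};

/* Returns 1 when the count fits inside the array, 0 when it would overrun. */
int caps_count_is_valid(uint32_t count)
{
    return count <= MAX_CAPS;
}

/* Hardened handler. The vulnerable form iterated "for (i = 0; i < msg->count; i++)"
 * and read caps[i] beyond the struct when the peer sent a count larger than
 * the array. This version clamps the count (the advisory's fix) and reports
 * the clamp through *clamped so the caller can log the misbehaving peer.
 * codecs_out must hold at least MAX_CAPS entries. Returns entries copied. */
uint32_t handle_caps_res(const struct caps_res_msg *msg, uint32_t *codecs_out, int *clamped)
{
    uint32_t count = msg->count;
    *clamped = 0;
    if (!caps_count_is_valid(count)) {
        count = MAX_CAPS;
        *clamped = 1;
    }
    for (uint32_t i = 0; i < count; i++)
        codecs_out[i] = msg->caps[i].codec;
    return count;
}

/* Builds a constructed sample message: three populated entries and an
 * arbitrary claimed count, so the handler can be exercised offline. */
struct caps_res_msg make_sample_msg(uint32_t claimed_count)
{
    struct caps_res_msg m;
    memset(&m, 0, sizeof m);
    m.count = claimed_count;
    for (uint32_t i = 0; i < 3; i++) {
        m.caps[i].codec = 100 + i;
        m.caps[i].max_frames = 20;
    }
    return m;
}
```

A count that had to be clamped is itself a useful detection signal: a conforming phone never advertises more capabilities than the message can carry.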
+------------------------------------------------------------------------+
| Affected Versions                                                      |
|------------------------------------------------------------------------|
| Product                                                                |
|------------------------------------------------------------------------|
| Asterisk Open Source                                                   |
|------------------------------------------------------------------------|
| Asterisk Open Source                                                   |
|------------------------------------------------------------------------|
| Asterisk Open Source                                                   |
|------------------------------------------------------------------------|
| Asterisk Business Edition                                              |
|------------------------------------------------------------------------|
| Asterisk Business Edition                                              |
|------------------------------------------------------------------------|
| AsteriskNOW                                                            |
|------------------------------------------------------------------------|
| Asterisk Appliance Developer Kit                                       |
|------------------------------------------------------------------------|
| s800i (Asterisk Appliance)                                             |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In                                                           |
|------------------------------------------------------------------------|
| Product                                                                |
|------------------------------------------------------------------------|
| Asterisk Open Source                                                   |
|------------------------------------------------------------------------|
| AsteriskNOW                                                            |
|------------------------------------------------------------------------|
| Asterisk Appliance Developer Kit                                       |
|------------------------------------------------------------------------|
| s800i (Asterisk Appliance)                                             |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links       |                                                          |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security.                                      |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and               |
| http://downloads.digium.com/pub/asa/ASA-2007-019.html.                 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History                                                       |
|------------------------------------------------------------------------|
| Date                                                                   |
|------------------------------------------------------------------------|
| August 7, 2007                                                         |
+------------------------------------------------------------------------+
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.