[Full-disclosure] ASA-2007-019: Remote crash vulnerability in Skinny channel driver

Source: vulners.com (SECURITYVULNS:DOC:17717), posted 2007-08-08 00:00:00

           Asterisk Project Security Advisory - ASA-2007-019

+-------------------------------------------------------------------------------+
| Product            | Asterisk                                                 |
|--------------------+----------------------------------------------------------|
| Summary            | Remote crash vulnerability in Skinny channel driver      |
|--------------------+----------------------------------------------------------|
| Nature of Advisory | Denial of Service                                        |
|--------------------+----------------------------------------------------------|
| Susceptibility     | Remote Authenticated Sessions                            |
|--------------------+----------------------------------------------------------|
| Severity           | Moderate                                                 |
|--------------------+----------------------------------------------------------|
| Exploits Known     | No                                                       |
|--------------------+----------------------------------------------------------|
| Reported On        | August 7, 2007                                           |
|--------------------+----------------------------------------------------------|
| Reported By        | Wei Wang of McAfee AVERT Labs                            |
|--------------------+----------------------------------------------------------|
| Posted On          | August 7, 2007                                           |
|--------------------+----------------------------------------------------------|
| Last Updated On    | August 7, 2007                                           |
|--------------------+----------------------------------------------------------|
| Advisory Contact   | Jason Parker <[email protected]>                          |
|--------------------+----------------------------------------------------------|
| CVE Name           |                                                          |
+-------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------+
| Description        | The Asterisk Skinny channel driver, chan_skinny, has a   |
|                    | remotely exploitable crash vulnerability. A              |
|                    | CAPABILITIES_RES_MESSAGE packet carries a capabilities   |
|                    | count followed by a fixed-size array of capability       |
|                    | entries. chan_skinny walks that array using the count    |
|                    | from the packet, so a count greater than the number of   |
|                    | items in the capabilities_res_message array makes it     |
|                    | index past the end of the array and segfault. Triggering |
|                    | this requires an authenticated session, i.e. the         |
|                    | attacker must first register as a configured Skinny      |
|                    | device.                                                  |
+-------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------+
| Resolution         | Asterisk code has been modified to limit the incoming    |
|                    | capabilities count so it can no longer exceed the        |
|                    | capabilities_res_message array.                          |
|                    |                                                          |
|                    | Users with configured Skinny devices should upgrade to   |
|                    | the appropriate version listed in the Corrected In       |
|                    | section of this advisory.                                |
+-------------------------------------------------------------------------------+
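The bug class the Description and Resolution above describe, as an added example that is not Asterisk's or chan_skinny's code: a count taken from the packet is used as the loop bound over a fixed-size capabilities table, shown next to the hardened form that limits the count before the loop, which is the shape of fix the Resolution names. The struct layout, the 18-entry table size, the 16-byte wire entry and the function names are assumptions made for this example, and the packets are constructed, not captured.

```c
/* Added example, not code from Asterisk or chan_skinny. The struct names, the
 * 18-entry table size and the 16-byte entry layout are assumptions. */
#include <inttypes.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SKINNY_MAX_CAPABILITIES 18u   /* assumed size of the fixed table */
#define CAP_ENTRY_LEN 16u             /* assumed wire size of one entry */

struct capability { uint32_t codec; uint32_t frames; uint32_t reserved[2]; };

struct capabilities_res_message {     /* decoded, fixed-size message */
    uint32_t count;                   /* taken from the packet: attacker-controlled */
    struct capability caps[SKINNY_MAX_CAPABILITIES];
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Decode the body into the fixed struct. This step is bounded by the table
 * size, so it never overruns; the danger is in how `count` is used later. */
int decode_caps_res(const uint8_t *body, size_t len, struct capabilities_res_message *m)
{
    if (len < 4)
        return -1;                                /* no count field */
    memset(m, 0, sizeof *m);
    m->count = rd32le(body);
    size_t present = (len - 4) / CAP_ENTRY_LEN;   /* entries actually on the wire */
    if (present > SKINNY_MAX_CAPABILITIES)
        present = SKINNY_MAX_CAPABILITIES;
    for (size_t i = 0; i < present; i++)
        m->caps[i].codec = rd32le(body + 4 + i * CAP_ENTRY_LEN);
    return 0;
}

/* Vulnerable shape: the count from the packet bounds the loop, nothing bounds
 * the array, so a count above 18 indexes past caps[] (and past out[]).
 * Kept for contrast only; never call it on untrusted input. */
size_t collect_codecs_unchecked(const struct capabilities_res_message *m, uint32_t *out)
{
    for (uint32_t i = 0; i < m->count; i++)       /* BUG: i runs past the table */
        out[i] = m->caps[i].codec;
    return m->count;
}

/* Hardened shape matching the advisory's resolution: limit the incoming
 * count to the table size before it is used as a bound. */
size_t collect_codecs_checked(const struct capabilities_res_message *m, uint32_t *out)
{
    uint32_t count = m->count;
    if (count > SKINNY_MAX_CAPABILITIES) {
        fprintf(stderr, "capabilities count %" PRIu32 " exceeds table size %u, clamping\n",
                count, SKINNY_MAX_CAPABILITIES);
        count = SKINNY_MAX_CAPABILITIES;
    }
    for (uint32_t i = 0; i < count; i++)
        out[i] = m->caps[i].codec;
    return count;
}

/* Constructed test packet (not a capture): `count` is written as given so the
 * header can lie about how many entries follow. Returns the body length, or
 * 0 if buf cannot hold it. */
size_t build_caps_res(uint8_t *buf, size_t cap, uint32_t count,
                      const uint32_t *codecs, size_t n)
{
    size_t need = 4 + n * CAP_ENTRY_LEN;
    if (cap < need)
        return 0;
    memset(buf, 0, need);
    wr32le(buf, count);
    for (size_t i = 0; i < n; i++)
        wr32le(buf + 4 + i * CAP_ENTRY_LEN, codecs[i]);
    return need;
}

int main(void)
{
    uint8_t buf[4 + 4 * CAP_ENTRY_LEN];
    struct capabilities_res_message m;
    uint32_t out[SKINNY_MAX_CAPABILITIES];
    const uint32_t codecs[] = { 4, 8, 11 };       /* arbitrary codec ids */

    /* Honest message: three entries, count = 3 */
    size_t len = build_caps_res(buf, sizeof buf, 3, codecs, 3);
    decode_caps_res(buf, len, &m);
    printf("honest: count %" PRIu32 ", kept %zu\n", m.count, collect_codecs_checked(&m, out));

    /* Hostile message: the same three entries, count = 0xFFFFFFFF */
    len = build_caps_res(buf, sizeof buf, 0xFFFFFFFFu, codecs, 3);
    decode_caps_res(buf, len, &m);
    printf("hostile: count %" PRIu32 ", kept %zu\n", m.count, collect_codecs_checked(&m, out));
    /* collect_codecs_unchecked(&m, out) here would index ~4 billion entries. */
    return 0;
}
```

Built with `cc -std=c99 -Wall`, the program runs the honest and the hostile packet through the clamped collector; the unchecked collector is present only to show the missing bound and is never handed the hostile message. The operational point for a Skinny deployment is the same as the fix: bound the count by the table before the loop, and treat a count that had to be clamped as worth logging with the peer identity, since a registered device that sends one is either broken or probing.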

+-------------------------------------------------------------------------------+
| Affected Versions                                                             |
|-------------------------------------------------------------------------------|
| Product                          |             |                              |
|----------------------------------+-------------+------------------------------|
| Asterisk Open Source             |             |                              |
|----------------------------------+-------------+------------------------------|
| Asterisk Open Source             |             |                              |
|----------------------------------+-------------+------------------------------|
| Asterisk Open Source             |             |                              |
|----------------------------------+-------------+------------------------------|
| Asterisk Business Edition        |             |                              |
|----------------------------------+-------------+------------------------------|
| Asterisk Business Edition        |             |                              |
|----------------------------------+-------------+------------------------------|
| AsteriskNOW                      |             |                              |
|----------------------------------+-------------+------------------------------|
| Asterisk Appliance Developer Kit |             |                              |
|----------------------------------+-------------+------------------------------|
| s800i (Asterisk Appliance)       |             |                              |
+-------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------+
| Corrected In                                                                  |
|-------------------------------------------------------------------------------|
| Product                          |                                            |
|----------------------------------+--------------------------------------------|
| Asterisk Open Source             |                                            |
|----------------------------------+--------------------------------------------|
| AsteriskNOW                      |                                            |
|----------------------------------+--------------------------------------------|
| Asterisk Appliance Developer Kit |                                            |
|----------------------------------+--------------------------------------------|
| s800i (Asterisk Appliance)       |                                            |
+-------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------+
| Links              |                                                          |
+-------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                            |
| http://www.asterisk.org/security.                                             |
|                                                                               |
| This document may be superseded by later versions; if so, the latest          |
| version will be posted at                                                     |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and                      |
| http://downloads.digium.com/pub/asa/ASA-2007-019.html.                        |
+-------------------------------------------------------------------------------+

+-------------------------------------------------------------------------------+
| Revision History                                                              |
|-------------------------------------------------------------------------------|
| Date               |                        |                                 |
|--------------------+------------------------+---------------------------------|
| August 7, 2007     |                        |                                 |
+-------------------------------------------------------------------------------+
          Copyright (c) 2007 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/