[asterisk-bugs] [JIRA] (ASTERISK-23489) Vulnerability in res_pjsip_pubsub: unauthenticated remote crash in during MWI unsubscribe without being subscribed

Matt Jordan (JIRA) noreply at issues.asterisk.org
Tue Jul 8 09:56:10 CDT 2014


     [ https://issues.asterisk.org/jira/browse/ASTERISK-23489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-23489:
-----------------------------------

    Target Release Version/s: 12.4.0

> Vulnerability in res_pjsip_pubsub: unauthenticated remote crash in during MWI unsubscribe without being subscribed
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-23489
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23489
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Resources/res_pjsip_pubsub
>    Affects Versions: SVN, 12.1.0
>         Environment: Asterisk trunk r410556, PJSIP trunk r4797
>            Reporter: John Bigelow
>            Assignee: Kevin Harwell
>            Severity: Critical
>              Labels: Security
>      Target Release: 12.3.1, 12.4.0
>
>         Attachments: ASTERISK-23489.patch, ASTERISK-23489v2.patch, backtrace_14905.txt, full.txt, vulnerability-demo.tar.gz
>
>
> I found that attempting to unsubscribe from MWI when not currently subscribed causes Asterisk to crash with the below output. The SUBSCRIBE is matched to endpoint based on name with no auth.
> Attachments:
> * backtrace_14905.txt: backtrace of crash
> * full.txt: Asterisk full debug log
> * vulnerability-demo.tar.gz: testsuite test that causes the crash
> {code}
> [Mar 14 11:05:17] WARNING[8603]: asterisk:126 errReceived: Asterisk 127.0.0.1 received error: asterisk: ../src/pjsip-simple/
> evsub.c:510: set_timer: Assertion `seconds > 0' failed.
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list