[asterisk-security] ASA-2007-019: Remote crash vulnerability in Skinny channel driver

The Asterisk Development Team asteriskteam at digium.com
Tue Aug 7 16:45:07 CDT 2007


               Asterisk Project Security Advisory - ASA-2007-019

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Remote crash vulnerability in Skinny channel      |
   |                    | driver                                            |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Denial of Service                                 |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Authenticated Sessions                     |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Wei Wang of McAfee AVERT Labs                     |
   |--------------------+---------------------------------------------------|
   |     Posted On      | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Jason Parker <jparker at digium.com>                 |
   |--------------------+---------------------------------------------------|
   |      CVE Name      |                                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | The Asterisk Skinny channel driver, chan_skinny, has a   |
   |             | remotely exploitable crash vulnerability. A segfault can |
   |             | occur when Asterisk receives a                           |
   |             | "CAPABILITIES_RES_MESSAGE" packet where the capabilities |
   |             | count is greater than the total number of items in the   |
   |             | capabilities_res_message array. Note that this requires  |
   |             | an authenticated session.                                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Asterisk code has been modified to limit the incoming     |
   |            | capabilities count.                                       |
   |            |                                                           |
   |            | Users with configured Skinny devices should upgrade to    |
   |            | the appropriate version listed in the corrected in        |
   |            | section of this advisory.                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.10                |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions prior to |
   |                                  |             | beta7                 |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | All versions prior to |
   |                                  |             | 0.7.0                 |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.0.3                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |                 1.4.10, available from                 |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |
   |---------------+--------------------------------------------------------|
   |  AsteriskNOW  |   Beta7, available from http://www.asterisknow.org/.   |
   |               |   Beta5 and Beta6 users can update using the system    |
   |               |     update feature in the appliance control panel.     |
   |---------------+--------------------------------------------------------|
   |   Asterisk    |                 0.7.0, available from                  |
   |   Appliance   |     http://downloads.digium.com/pub/telephony/aadk     |
   | Developer Kit |                                                        |
   |---------------+--------------------------------------------------------|
   |     s800i     |                         1.0.3                          |
   |   (Asterisk   |                                                        |
   |  Appliance)   |                                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and               |
   | http://downloads.digium.com/pub/asa/ASA-2007-019.html.                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |        Date        |         Editor         |      Revisions Made      |
   |--------------------+------------------------+--------------------------|
   | August 7, 2007     | jparker at digium.com     | Initial Release          |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - ASA-2007-019
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



More information about the asterisk-security mailing list