[asterisk-security] AST-2009-004: Remote Crash Vulnerability in RTP stack

Asterisk Security Team security at asterisk.org
Sun Aug 2 23:30:13 CDT 2009


               Asterisk Project Security Advisory - AST-2009-004

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | Remote Crash Vulnerability in RTP stack         |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Exploitable Crash                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Critical                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | July 27, 2009                                   |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Marcus Hunger <hunger AT sipgate DOT de>        |
   |----------------------+-------------------------------------------------|
   |      Posted On       | August 2, 2009                                  |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | August 2, 2009                                  |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Mark Michelson <mmichelson AT digium DOT com>   |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker can cause Asterisk to crash remotely by      |
   |             | sending malformed RTP text frames. While the attacker    |
   |             | can cause Asterisk to crash, he cannot execute arbitrary |
   |             | remote code with this exploit.                           |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Users should upgrade to a version listed in the           |
   |            | "Corrected In" section below.                             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.6.x      | All 1.6.1 versions    |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.2.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.4.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |        Asterisk Addons        |     1.6.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     A.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     B.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |   Asterisk Business Edition   |     C.x.x      | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |          AsteriskNOW          |      1.5       | Unaffected            |
   |-------------------------------+----------------+-----------------------|
   |  s800i (Asterisk Appliance)   |     1.2.x      | Unaffected            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |         Open Source Asterisk 1.6.1          |         1.6.1.2          |
   |---------------------------------------------+--------------------------|
   |---------------------------------------------+--------------------------|
   +------------------------------------------------------------------------+

  +----------------------------------------------------------------------------+
  |                                  Patches                                   |
  |----------------------------------------------------------------------------|
  |                              SVN URL                               |Version|
  |--------------------------------------------------------------------+-------|
  |http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt| 1.6.1 |
  |--------------------------------------------------------------------+-------|
  +----------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2009-004.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2009-004.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date      |     Editor      |           Revisions Made            |
   |----------------+-----------------+-------------------------------------|
   | 27 Jul, 2009   | Mark Michelson  | Initial Draft                       |
   |----------------+-----------------+-------------------------------------|
   | 31 Jul, 2009   | Mark Michelson  | Added sentence about how remote     |
   |                |                 | code cannot be executed.            |
   |----------------+-----------------+-------------------------------------|
   | August 2, 2009 | Tilghman Lesher | Public release                      |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-004
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.




More information about the asterisk-security mailing list