[asterisk-users] AST-2011-001: Stack buffer overflow in SIP channel driver
Jeff LaCoursiere
jeff at sunfone.com
Tue Jan 18 10:53:38 CST 2011
On Tue, 18 Jan 2011, Asterisk Security Team wrote:
> Asterisk Project Security Advisory - AST-2011-001
>
> Product Asterisk
> Summary Stack buffer overflow in SIP channel driver
> Nature of Advisory Exploitable Stack Buffer Overflow
> Susceptibility Remote Authenticated Sessions
> Severity Moderate
> Exploits Known No
> Reported On January 11, 2011
> Reported By Matthew Nicholson
> Posted On January 18, 2011
> Last Updated On January 18, 2011
> Advisory Contact Matthew Nicholson <mnicholson at digium.com>
> CVE Name
>
> Description When forming an outgoing SIP request while in pedantic mode, a
> stack buffer can be made to overflow if supplied with
> carefully crafted caller ID information. This vulnerability
> also affects the URIENCODE dialplan function and in some
> versions of asterisk, the AGI dialplan application as well.
> The ast_uri_encode function does not properly respect the size
> of its output buffer and can write past the end of it when
> encoding URIs.
>
Am I correct in assuming this is only exploitable by registered endpoints?
Thanks,
j
More information about the asterisk-users
mailing list