[asterisk-users] AST-2011-001: Stack buffer overflow in SIP channel driver

Marc Leurent lftsy at leurent.eu
Wed Jan 19 02:14:55 CST 2011


Good morning,
I have a simple question,
Is this problem would affect also an Asterisk 1.4.38 if   "Pedantic SIP support:   No" in the Global Signalling Settings
For what I understood, no..
Or is it a simple way to postpone upgrade until next planned upgrade.

Best Regards


Le mardi 18 janvier 2011 17:35:31, Asterisk Security Team a écrit :
>                Asterisk Project Security Advisory - AST-2011-001
> 
>          Product        Asterisk                                              
>          Summary        Stack buffer overflow in SIP channel driver           
>     Nature of Advisory  Exploitable Stack Buffer Overflow                     
>       Susceptibility    Remote Authenticated Sessions                         
>          Severity       Moderate                                              
>       Exploits Known    No                                                    
>        Reported On      January 11, 2011                                      
>        Reported By      Matthew Nicholson                                     
>         Posted On       January 18, 2011                                      
>      Last Updated On    January 18, 2011                                      
>      Advisory Contact   Matthew Nicholson <mnicholson at digium.com>             
>          CVE Name       
> 
>    Description When forming an outgoing SIP request while in pedantic mode, a 
>                stack buffer can be made to overflow if supplied with          
>                carefully crafted caller ID information. This vulnerability    
>                also affects the URIENCODE dialplan function and in some       
>                versions of asterisk, the AGI dialplan application as well.    
>                The ast_uri_encode function does not properly respect the size 
>                of its output buffer and can write past the end of it when     
>                encoding URIs.                                                 
> 
>    Resolution The size of the output buffer passed to the ast_uri_encode      
>               function is now properly respected.                             
>                                                                               
>               In asterisk versions not containing the fix for this issue,     
>               limiting strings originating from remote sources that will be   
>               URI encoded to a length of 40 characters will protect against   
>               this vulnerability.                                             
>                                                                               
>               exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})           
>               exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})         
>               exten => s,n,Dial(SIP/channel)                                  
>                                                                               
>               The CALLERID(num) and CALLERID(name) channel values, and any    
>               strings passed to the URIENCODE dialplan function should be     
>               limited in this manner.                                         
> 
>                                Affected Versions
>                 Product              Release Series 
>          Asterisk Open Source            1.2.x      All versions              
>          Asterisk Open Source            1.4.x      All versions              
>          Asterisk Open Source            1.6.x      All versions              
>          Asterisk Open Source            1.8.x      All versions              
>        Asterisk Business Edition         C.x.x      All versions              
>               AsteriskNOW                 1.5       All versions              
>       s800i (Asterisk Appliance)         1.2.x      All versions              
> 
>                                   Corrected In
>             Product                              Release                      
>      Asterisk Open Source       1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,     
>                                        1.6.2.16.1, 1.8.1.2, 1.8.2.1           
>    Asterisk Business Edition                     C.3.6.2                      
> 
>                                     Patches                            
>                                    URL                                 Branch 
>    http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff    1.4    
>    http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff  1.6.1  
>    http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff  1.6.2  
>    http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff    1.8    
> 
>    Asterisk Project Security Advisories are posted at                         
>    http://www.asterisk.org/security                                           
>                                                                               
>    This document may be superseded by later versions; if so, the latest       
>    version will be posted at                                                  
>    http://downloads.digium.com/pub/security/AST-2011-001.pdf and              
>    http://downloads.digium.com/pub/security/AST-2011-001.html                 
> 
>                                 Revision History
>          Date                 Editor                  Revisions Made          
>    2011-01-18        Matthew Nicholson        Initial Release                 
> 
>                Asterisk Project Security Advisory - AST-2011-001
>               Copyright (c) 2011 Digium, Inc. All Rights Reserved.
>   Permission is hereby granted to distribute and publish this advisory in its
>                            original, unaltered form.
> 
> 
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 



More information about the asterisk-users mailing list