[asterisk-security] AST-2010-001: T.38 Remote Crash Vulnerability

Asterisk Security Team security at asterisk.org
Tue Feb 2 16:40:17 CST 2010


               Asterisk Project Security Advisory - AST-2010-001

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | T.38 Remote Crash Vulnerability                 |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Denial of Service                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Critical                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 12/03/09                                        |
   |----------------------+-------------------------------------------------|
   |     Reported By      | issues.asterisk.org users bklang and elsto      |
   |----------------------+-------------------------------------------------|
   |      Posted On       | 02/03/10                                        |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | February 2, 2010                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | David Vossel < dvossel AT digium DOT com >      |
   |----------------------+-------------------------------------------------|
   |       CVE Name       | CVE-2010-0441                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker attempting to negotiate T.38 over SIP can    |
   |             | remotely crash Asterisk by modifying the FaxMaxDatagram  |
   |             | field of the SDP to contain either a negative or         |
   |             | exceptionally large value. The same crash occurs when    |
   |             | the FaxMaxDatagram field is omitted from the SDP as      |
   |             | well.                                                    |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              | Release Series |                    |
   |----------------------------------+----------------+--------------------|
   |       Asterisk Open Source       |     1.6.x      | All versions       |
   |----------------------------------+----------------+--------------------|
   |    Asterisk Business Edition     |      C.3       | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |          1.6.0.22           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |          1.6.1.14           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.6.2.2           |
   |------------------------------------------+-----------------------------|
   |                                          |           C.3.3.2           |
   +------------------------------------------------------------------------+

   +-------------------------------------------------------------------------+
   |                                 Patches                                 |
   |-------------------------------------------------------------------------|
   |                             SVN URL                              |Branch|
   |------------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff|v1.6.0|
   |------------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff|v1.6.1|
   |------------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff|v1.6.2|
   +-------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |     Links      | https://issues.asterisk.org/view.php?id=16634         |
   |                |                                                       |
   |                | https://issues.asterisk.org/view.php?id=16724         |
   |                |                                                       |
   |                | https://issues.asterisk.org/view.php?id=16517         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/.pdf and                      |
   | http://downloads.digium.com/pub/security/.html                         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date      |        Editor        |         Revisions Made         |
   |----------------+----------------------+--------------------------------|
   | 02/02/10       | David Vossel         | Initial release                |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2010-001
              Copyright (c) 2010 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.




More information about the asterisk-security mailing list