[asterisk-security] AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
Martin Hairer
Martin.Hairer at medel.com
Tue May 29 23:09:13 CDT 2012
hi. this massege sounds very similar with our iax2 problem
Sent from my iPhone
On 30 May 2012, at 00:57, "Asterisk Security Team" <security at asterisk.org> wrote:
> Asterisk Project Security Advisory - AST-2012-007
>
> Product Asterisk
> Summary Remote crash vulnerability in IAX2 channel driver.
> Nature of Advisory Remote crash
> Susceptibility Established calls
> Severity Moderate
> Exploits Known No
> Reported On March 21, 2012
> Reported By mgrobecker
> Posted On May 29, 2012
> Last Updated On May 29, 2012
> Advisory Contact Richard Mudgett < rmudgett AT digium DOT com >
> CVE Name CVE-2012-2947
>
> Description A remotely exploitable crash vulnerability exists in the
> IAX2 channel driver if an established call is placed on
> hold without a suggested music class. For this to occur,
> the following must take place:
>
> 1. The setting mohinterpret=passthrough must be set on the
> end placing the call on hold.
>
> 2. A call must be established.
>
> 3. The call is placed on hold without a suggested
> music-on-hold class name.
>
> When these conditions are true, Asterisk will attempt to
> use an invalid pointer to a music-on-hold class name. Use
> of the invalid pointer will either cause a crash or the
> music-on-hold class name will be garbage.
>
> Resolution Asterisk now sets the extra data parameter to null if the
> received control frame does not have any extra data.
>
> Affected Versions
> Product Release Series
> Certified Asterisk 1.8.11-cert All versions
> Asterisk Open Source 1.8.x All versions
> Asterisk Open Source 10.x All versions
>
> Corrected In
> Product Release
> Certified Asterisk 1.8.11-cert2
> Asterisk Open Source 1.8.12.1, 10.4.1
>
> Patches
> SVN URL Revision
> http://downloads.asterisk.org/pub/security/AST-2012-007-1.8.11-cert.diff v1.8.11-cert
> http://downloads.asterisk.org/pub/security/AST-2012-007-1.8.diff v1.8
> http://downloads.asterisk.org/pub/security/AST-2012-007-10.diff v10
>
> Links https://issues.asterisk.org/jira/browse/ASTERISK-19597
>
> Asterisk Project Security Advisories are posted at
> http://www.asterisk.org/security
>
> This document may be superseded by later versions; if so, the latest
> version will be posted at
> http://downloads.digium.com/pub/security/AST-2012-007.pdf and
> http://downloads.digium.com/pub/security/AST-2012-007.html
>
> Revision History
> Date Editor Revisions Made
> 05/29/2012 Richard Mudgett Initial release.
>
> Asterisk Project Security Advisory - AST-2012-007
> Copyright (c) 2012 Digium, Inc. All Rights Reserved.
> Permission is hereby granted to distribute and publish this advisory in its
> original, unaltered form.
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-security mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-security
More information about the asterisk-security
mailing list