[asterisk-security] AST-2017-004: Memory exhaustion on short SCCP packets
Asterisk Security Team
security at asterisk.org
Fri May 19 16:54:57 CDT 2017
Asterisk Project Security Advisory - AST-2017-004
Product Asterisk
Summary Memory exhaustion on short SCCP packets
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On April 13, 2017
Reported By Sandro Gauci
Posted On
Last Updated On April 13, 2017
Advisory Contact George Joseph <gjoseph AT digium DOT com>
CVE Name
Description A remote memory exhaustion can be triggered by sending an
SCCP packet to Asterisk system with âchan_skinnyâ enabled
that is larger than the length of the SCCP header but
smaller than the packet length specified in the header. The
loop that reads the rest of the packet doesnât detect that
the call to read() returned end-of-file before the expected
number of bytes and continues infinitely. The âpartial
dataâ message logging in that tight loop causes Asterisk to
exhaust all available memory.
Resolution If support for the SCCP protocol is not required, remove or
disable the module.
If support for SCCP is required, an upgrade to Asterisk will
be necessary.
Affected Versions
Product Release Series
Asterisk Open Source 11.x Unaffected
Asterisk Open Source 13.x All versions
Asterisk Open Source 14.x All versions
Certified Asterisk 13.13 All versions
Corrected In
Product Release
Asterisk Open Source 13.15.1, 14.4.1
Certified Asterisk 13.13-cert4
Patches
SVN URL Revision
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at http://downloads.digium.com/pub/security/.pdf
and http://downloads.digium.com/pub/security/.html
Revision History
Date Editor Revisions Made
13 April 2017 George Joseph Initial report created
Asterisk Project Security Advisory -
Copyright © 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
More information about the asterisk-security
mailing list