[asterisk-users] AST-2011-001: Stack buffer overflow in SIP channel driver

Kevin P. Fleming kpfleming at digium.com
Tue Jan 18 11:06:15 CST 2011


On 01/18/2011 10:53 AM, Jeff LaCoursiere wrote:
>
>
>
> On Tue, 18 Jan 2011, Asterisk Security Team wrote:
>
>> Asterisk Project Security Advisory - AST-2011-001
>>
>> Product              Asterisk
>> Summary              Stack buffer overflow in SIP channel driver
>> Nature of Advisory   Exploitable Stack Buffer Overflow
>> Susceptibility       Remote Authenticated Sessions
>> Severity             Moderate
>> Exploits Known       No
>> Reported On          January 11, 2011
>> Reported By          Matthew Nicholson
>> Posted On            January 18, 2011
>> Last Updated On      January 18, 2011
>> Advisory Contact     Matthew Nicholson <mnicholson at digium.com>
>> CVE Name
>>
>> Description          When forming an outgoing SIP request while in pedantic
>>                      mode, a stack buffer can be made to overflow if
>>                      supplied with carefully crafted caller ID information.
>>                      This vulnerability also affects the URIENCODE dialplan
>>                      function and, in some versions of Asterisk, the AGI
>>                      dialplan application as well. The ast_uri_encode
>>                      function does not properly respect the size of its
>>                      output buffer and can write past the end of it when
>>                      encoding URIs.
>>
>
> Am I correct in assuming this is only exploitable by registered endpoints?

As the advisory says, anyone who can place an authenticated call (if 
authentication is required) can exploit it. Whether an endpoint is 
registered or not has nothing to do with whether it can place calls; 
registration is for delivery of calls to the endpoint.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org
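
The advisory quoted above describes a URI encoder that can write past the end of its output buffer. The sketch below shows a percent-encoder that checks the remaining space before each write, since an escaped byte expands to three. It is an added example, not part of the original message and not Asterisk's code; `uri_encode_bounded`, its signature and its return convention are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Asterisk's ast_uri_encode. */
static int is_unreserved(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || (c != '\0' && strchr("-_.~", c) != NULL);
}

/* Percent-encodes src into dst without ever writing more than dstlen bytes
 * (terminating NUL included). Returns the encoded length, or -1 if the
 * result does not fit; on failure dst holds an empty string. */
int uri_encode_bounded(const char *src, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t out = 0;

    if (src == NULL || dst == NULL || dstlen == 0)
        return -1;

    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        /* An escaped byte becomes "%XX": reserve room for this byte's
         * encoding plus the NUL before touching the buffer. */
        size_t need = is_unreserved(*p) ? 1 : 3;
        if (need + 1 > dstlen - out) {
            dst[0] = '\0';   /* fail closed rather than truncate mid-escape */
            return -1;
        }
        if (need == 1) {
            dst[out++] = (char)*p;
        } else {
            dst[out++] = '%';
            dst[out++] = hex[*p >> 4];
            dst[out++] = hex[*p & 0x0F];
        }
    }
    dst[out] = '\0';
    return (int)out;
}
```

Sizing the destination at three times the input length plus one always suffices for this encoder, but the per-write check is what keeps a caller's undersized buffer from being overrun.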


