[asterisk-users] AST-2011-001: Stack buffer overflow in SIP channel driver
Marc Leurent
lftsy at leurent.eu
Wed Jan 19 02:14:55 CST 2011
Good morning,
I have a simple question:
Would this problem also affect an Asterisk 1.4.38 if "Pedantic SIP support: No" is set in the Global Signalling Settings?
From what I understood, no.
Or is there a simple way to postpone the upgrade until the next planned upgrade?
Best Regards
On Tuesday 18 January 2011 17:35:31, Asterisk Security Team wrote:
> Asterisk Project Security Advisory - AST-2011-001
>
> Product Asterisk
> Summary Stack buffer overflow in SIP channel driver
> Nature of Advisory Exploitable Stack Buffer Overflow
> Susceptibility Remote Authenticated Sessions
> Severity Moderate
> Exploits Known No
> Reported On January 11, 2011
> Reported By Matthew Nicholson
> Posted On January 18, 2011
> Last Updated On January 18, 2011
> Advisory Contact Matthew Nicholson <mnicholson at digium.com>
> CVE Name
>
> Description When forming an outgoing SIP request while in pedantic mode, a
> stack buffer can be made to overflow if supplied with
> carefully crafted caller ID information. This vulnerability
> also affects the URIENCODE dialplan function and in some
> versions of asterisk, the AGI dialplan application as well.
> The ast_uri_encode function does not properly respect the size
> of its output buffer and can write past the end of it when
> encoding URIs.
>
> Resolution The size of the output buffer passed to the ast_uri_encode
> function is now properly respected.
>
> In asterisk versions not containing the fix for this issue,
> limiting strings originating from remote sources that will be
> URI encoded to a length of 40 characters will protect against
> this vulnerability.
>
> exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})
> exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})
> exten => s,n,Dial(SIP/channel)
>
> The CALLERID(num) and CALLERID(name) channel values, and any
> strings passed to the URIENCODE dialplan function should be
> limited in this manner.
>
> Affected Versions
> Product Release Series
> Asterisk Open Source 1.2.x All versions
> Asterisk Open Source 1.4.x All versions
> Asterisk Open Source 1.6.x All versions
> Asterisk Open Source 1.8.x All versions
> Asterisk Business Edition C.x.x All versions
> AsteriskNOW 1.5 All versions
> s800i (Asterisk Appliance) 1.2.x All versions
>
> Corrected In
> Product Release
> Asterisk Open Source 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,
> 1.6.2.16.1, 1.8.1.2, 1.8.2.1
> Asterisk Business Edition C.3.6.2
>
> Patches
> URL Branch
> http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff 1.4
> http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff 1.6.1
> http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff 1.6.2
> http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff 1.8
>
> Asterisk Project Security Advisories are posted at
> http://www.asterisk.org/security
>
> This document may be superseded by later versions; if so, the latest
> version will be posted at
> http://downloads.digium.com/pub/security/AST-2011-001.pdf and
> http://downloads.digium.com/pub/security/AST-2011-001.html
>
> Revision History
> Date Editor Revisions Made
> 2011-01-18 Matthew Nicholson Initial Release
>
> Asterisk Project Security Advisory - AST-2011-001
> Copyright (c) 2011 Digium, Inc. All Rights Reserved.
> Permission is hereby granted to distribute and publish this advisory in its
> original, unaltered form.
>
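The advisory's root cause is an encoder that writes past the end of a fixed-size output buffer, and its interim mitigation caps remote-supplied strings at 40 characters. The following bounded percent-encoder is an added example, not Asterisk's ast_uri_encode or any code from the advisory: it never writes beyond the buffer it is given, reports the length the full encoding would need so the caller can detect truncation, and shows why a character cap matters, since percent-encoding expands each input byte to at most 3 output bytes (120 bytes for 40 characters). The 128-byte buffer in the helper is an assumed size chosen for the demonstration, not Asterisk's.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Percent-encode src into dst without ever writing more than dstsize bytes
 * (NUL included). Returns the byte count the complete encoding needs,
 * excluding the NUL, so "return >= dstsize" means the output was cut. */
size_t uri_encode_bounded(const char *src, char *dst, size_t dstsize)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t needed = 0, out = 0;
    int truncated = (dstsize == 0);   /* no room at all: only count */

    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int unreserved = isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~';
        size_t len = unreserved ? 1 : 3;   /* worst case is 3 bytes per input byte */
        needed += len;
        if (truncated || out + len >= dstsize) {
            truncated = 1;               /* stop writing, keep counting */
            continue;
        }
        if (unreserved) {
            dst[out++] = (char)c;
        } else {
            dst[out++] = '%';
            dst[out++] = hex[c >> 4];
            dst[out++] = hex[c & 0x0f];
        }
    }
    if (dstsize > 0)
        dst[out] = '\0';
    return needed;
}

/* Returns 1 if callerid encodes fully into an assumed 128-byte buffer
 * (a hypothetical size for this example), 0 if it would be truncated. */
int callerid_encodes_without_truncation(const char *callerid)
{
    char buf[128];
    return uri_encode_bounded(callerid, buf, sizeof buf) < sizeof buf;
}

int main(void)
{
    char out[128];
    const char *cid = "Alice \"Eve\" <alice@example.invalid>"; /* constructed */
    size_t need = uri_encode_bounded(cid, out, sizeof out);
    printf("%s -> %s (needs %zu bytes%s)\n", cid, out, need,
           need < sizeof out ? "" : ", truncated");
    return 0;
}
```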