ID CVE-2014-2287 Type cve Reporter NVD Modified 2014-04-21T13:37:29
Description
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
{"result": {"nessus": [{"id": "ASTERISK_AST_2014_002.NASL", "type": "nessus", "title": "Asterisk SIP File Descriptor Exhaustion with chan_sip Session-Timers DoS (AST-2014-002)", "description": "According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability. \n\nA denial of service flaw exists with the SIP INVITE request handling. It is possible for a remote attacker to use all available file descriptors using SIP INVITE requests. These file descriptors cannot be released without restarting Asterisk, which could allow an attacker to bypass intrusion detection systems. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2014-03-14T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73020", "cvelist": ["CVE-2014-2287"], "lastseen": "2017-10-29T13:36:13"}, {"id": "DEBIAN_DLA-781.NASL", "type": "nessus", "title": "Debian DLA-781-2 : asterisk regression update", "description": "Brad Barnett found that the recent security update of Asterisk could cause immediate SIP termination due to an incomplete fix for CVE-2014-2287.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:1.8.13.1~dfsg1-3+deb7u6.\n\nWe recommend that you upgrade your asterisk packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-13T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96459", "cvelist": ["CVE-2014-2287"], "lastseen": "2017-10-29T13:44:02"}, {"id": "MANDRIVA_MDVSA-2014-078.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : asterisk (MDVSA-2014:078)", "description": "Multiple vulnerabilities has been discovered and corrected in asterisk :\n\nSending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request (CVE-2014-2286).\n\nAn attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly (CVE-2014-2287).\n\nThe updated packages has been upgraded to the 11.8.1 version which is not vulnerable to these issues.", "published": "2014-04-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73582", "cvelist": ["CVE-2014-2286", "CVE-2014-2287"], "lastseen": "2017-10-29T13:37:15"}, {"id": "FREEBSD_PKG_03159886A8A311E38F360025905A4771.NASL", "type": "nessus", "title": "FreeBSD : asterisk -- multiple vulnerabilities (03159886-a8a3-11e3-8f36-0025905a4771)", "description": "The Asterisk project reports :\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. You could even exhaust memory if you sent an unlimited number of headers in the request.\n\nDenial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers. An attacker can use all available file descriptors using SIP INVITE requests. Asterisk will respond with code 400, 420, or 422 for INVITEs meeting this criteria. Each INVITE meeting these conditions will leak a channel and several file descriptors. The file descriptors cannot be released without restarting Asterisk which may allow intrusion detection systems to be bypassed by sending the requests slowly.\n\nRemote Crash Vulnerability in PJSIP channel driver. A remotely exploitable crash vulnerability exists in the PJSIP channel driver if the 'qualify_frequency' configuration option is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request. The response handling code wrongly assumes that a PJSIP endpoint will always be associated with an outgoing request which is incorrect.", "published": "2014-03-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72953", "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2017-10-29T13:43:20"}, {"id": "FEDORA_2014-3762.NASL", "type": "nessus", "title": "Fedora 20 : asterisk-11.8.1-1.fc20 (2014-3762)", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 2.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 3.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 4.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-03-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73141", "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2017-10-29T13:35:46"}, {"id": "GENTOO_GLSA-201405-05.NASL", "type": "nessus", "title": "GLSA-201405-05 : Asterisk: Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-201405-05 (Asterisk: Denial of Service)\n\n Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details.\n Impact :\n\n A remote attacker could possibly cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2014-05-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73861", "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2017-10-29T13:32:46"}, {"id": "FEDORA_2014-3779.NASL", "type": "nessus", "title": "Fedora 19 : asterisk-11.8.1-1.fc19 (2014-3779)", "description": "The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.\n\nThese releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases\n\nThe release of these versions resolve the following issues :\n\n - AST-2014-001: Stack overflow in HTTP processing of Cookie headers.\n\n Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack.\n\n Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory.\n\n - AST-2014-002: chan_sip: Exit early on bad session timers request\n\n This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway.\n\nAdditionally, the release of 12.1.1 resolves the following issue :\n\n - AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint.\n\n This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again.\n\nFinally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities.\n\nThese issues and their resolutions are described in the security advisories.\n\nFor more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement.\n\nFor a full list of changes in the current releases, please see the ChangeLogs :\n\nhttp://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/release s/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-12.1.1\n\nThe security advisories are available at :\n\n - http://downloads.asterisk.org/pub/security/AST-2014-001.\n pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 2.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 3.pdf\n\n - http://downloads.asterisk.org/pub/security/AST-2014-00 4.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk\n\nThe release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation.\nThank you!\n\nThe following are the issues resolved in this release :\n\nBugs fixed in this release :\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-03-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73142", "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2017-10-29T13:36:35"}], "seebug": [{"id": "SSV:61784", "type": "seebug", "title": "Asterisk SIP INVITE\u8bf7\u6c42\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "description": "CVE ID:CVE-2014-2287\r\n\r\nAsterisk\u662f\u4e00\u6b3e\u5b9e\u73b0\u7535\u8bdd\u7528\u6237\u4ea4\u6362\u673a\uff08PBX\uff09\u529f\u80fd\u7684\u81ea\u7531\u8f6f\u4ef6\u3001\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nAsterisk\u5904\u7406\u7279\u5236\u7684SIP INVITE\u8bf7\u6c42\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u7531\u4e8e\u6ca1\u6709\u6b63\u786e\u91ca\u653e\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u6076\u610f\u8bf7\u6c42\u6d88\u8017\u5b8c\u6240\u6709\u53ef\u7528\u6587\u4ef6\u63cf\u8ff0\u7b26\uff0c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\n0\nAsterisk Open Source 1.8.26.0\r\nAsterisk Open Source 11.8.0\r\nAsterisk Open Source 12.1.0\r\nCertified Asterisk 1.8.15-cert4\r\nCertified Asterisk 11.6-cert1\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAsterisk\r\n-----\r\nAsterisk Open Source 1.8.26.1, 11.8.1, 12.1.1\u548cCertified Asterisk1.8.15-cert4\uff0c11.6-cert1\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.asterisk.org/", "published": "2014-03-13T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-61784", "cvelist": ["CVE-2014-2287"], "lastseen": "2017-11-19T17:31:02"}], "openvas": [{"id": "OPENVAS:867628", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2014-3762", "description": "Check for the Version of asterisk", "published": "2014-03-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867628", "cvelist": ["CVE-2014-2286", "CVE-2014-2287"], "lastseen": "2017-07-25T10:48:18"}, {"id": "OPENVAS:867624", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2014-3779", "description": "Check for the Version of asterisk", "published": "2014-03-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867624", "cvelist": ["CVE-2014-2286", "CVE-2014-2287"], "lastseen": "2017-07-25T10:48:34"}, {"id": "OPENVAS:1361412562310867624", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2014-3779", "description": "Check for the Version of asterisk", "published": "2014-03-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867624", "cvelist": ["CVE-2014-2286", "CVE-2014-2287"], "lastseen": "2018-04-09T11:12:19"}, {"id": "OPENVAS:1361412562310867628", "type": "openvas", "title": "Fedora Update for asterisk FEDORA-2014-3762", "description": "Check for the Version of asterisk", "published": "2014-03-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867628", "cvelist": ["CVE-2014-2286", "CVE-2014-2287"], "lastseen": "2018-04-09T11:11:24"}, {"id": "OPENVAS:1361412562310121180", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201405-05", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201405-05", "published": "2015-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121180", "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2018-04-09T11:30:13"}], "freebsd": [{"id": "03159886-A8A3-11E3-8F36-0025905A4771", "type": "freebsd", "title": "asterisk -- multiple vulnerabilities", "description": "\nThe Asterisk project reports:\n\nStack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP\n\t request that is handled by Asterisk with a large number of Cookie\n\t headers could overflow the stack. You could even exhaust memory if you\n\t sent an unlimited number of headers in the request.\nDenial of Service Through File Descriptor Exhaustion with chan_sip\n\t Session-Timers. An attacker can use all available file descriptors\n\t using SIP INVITE requests. Asterisk will respond with code 400, 420,\n\t or 422 for INVITEs meeting this criteria.\n\t Each INVITE meeting these conditions will leak a channel and several\n\t file descriptors. The file descriptors cannot be released without\n\t restarting Asterisk which may allow intrusion detection systems to be\n\t bypassed by sending the requests slowly.\nRemote Crash Vulnerability in PJSIP channel driver. A remotely\n\t exploitable crash vulnerability exists in the PJSIP channel driver if\n\t the \"qualify_frequency\" configuration option is enabled on an AOR and\n\t the remote SIP server challenges for authentication of the resulting\n\t OPTIONS request. The response handling code wrongly assumes that a\n\t PJSIP endpoint will always be associated with an outgoing request which\n\t is incorrect.\n\n", "published": "2014-03-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/03159886-a8a3-11e3-8f36-0025905a4771.html", "cvelist": ["CVE-2014-2286", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2016-09-26T17:24:25"}], "gentoo": [{"id": "GLSA-201405-05", "type": "gentoo", "title": "Asterisk: Denial of Service", "description": "### Background\n\nAsterisk is an open source telephony engine and toolkit.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers and Asterisk Project Security Advisories referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Asterisk 11.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-11.8.1\"\n \n\nAll Asterisk 1.8.* users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.26.1\"", "published": "2014-05-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201405-05", "cvelist": ["CVE-2014-2286", "CVE-2014-2289", "CVE-2014-2287", "CVE-2014-2288"], "lastseen": "2016-09-06T19:46:54"}]}}
