[Full-disclosure] ASA-2007-019: Remote crash vulnerability in Skinny channel driver

2007-08-08T00:00:00
ID SECURITYVULNS:DOC:17717
Type securityvulns
Reporter Securityvulns
Modified 2007-08-08T00:00:00

Description

           Asterisk Project Security Advisory - ASA-2007-019

+------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote crash vulnerability in Skinny channel | | | driver | |--------------------+---------------------------------------------------| | Nature of Advisory | Denial of Service | |--------------------+---------------------------------------------------| | Susceptibility | Remote Authenticated Sessions | |--------------------+---------------------------------------------------| | Severity | Moderate | |--------------------+---------------------------------------------------| | Exploits Known | No | |--------------------+---------------------------------------------------| | Reported On | August 7, 2007 | |--------------------+---------------------------------------------------| | Reported By | Wei Wang of McAfee AVERT Labs | |--------------------+---------------------------------------------------| | Posted On | August 7, 2007 | |--------------------+---------------------------------------------------| | Last Updated On | August 7, 2007 | |--------------------+---------------------------------------------------| | Advisory Contact | Jason Parker <jparker@digium.com> | |--------------------+---------------------------------------------------| | CVE Name | | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Description | The Asterisk Skinny channel driver, chan_skinny, has a | | | remotely exploitable crash vulnerability. A segfault can | | | occur when Asterisk receives a | | | "CAPABILITIES_RES_MESSAGE" packet where the capabilities | | | count is greater than the total number of items in the | | | capabilities_res_message array. Note that this requires | | | an authenticated session. | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Resolution | Asterisk code has been modified to limit the incoming | | | capabilities count. | | | | | | Users with configured Skinny devices should upgrade to | | | the appropriate version listed in the corrected in | | | section of this advisory. | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Affected Versions | |------------------------------------------------------------------------| | Product | Release | | | | Series | | |----------------------------------+-------------+-----------------------| | Asterisk Open Source | 1.0.x | Not affected | |----------------------------------+-------------+-----------------------| | Asterisk Open Source | 1.2.x | Not affected | |----------------------------------+-------------+-----------------------| | Asterisk Open Source | 1.4.x | All versions prior to | | | | 1.4.10 | |----------------------------------+-------------+-----------------------| | Asterisk Business Edition | A.x.x | Not affected | |----------------------------------+-------------+-----------------------| | Asterisk Business Edition | B.x.x | Not affected | |----------------------------------+-------------+-----------------------| | AsteriskNOW | pre-release | All versions prior to | | | | beta7 | |----------------------------------+-------------+-----------------------| | Asterisk Appliance Developer Kit | 0.x.x | All versions prior to | | | | 0.7.0 | |----------------------------------+-------------+-----------------------| | s800i (Asterisk Appliance) | 1.0.x | All versions prior to | | | | 1.0.3 | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |---------------+--------------------------------------------------------| | Asterisk Open | 1.4.10, available from | | Source | http://downloads.digium.com/pub/telephony/asterisk | |---------------+--------------------------------------------------------| | AsteriskNOW | Beta7, available from http://www.asterisknow.org/. | | | Beta5 and Beta6 users can update using the system | | | update feature in the appliance control panel. | |---------------+--------------------------------------------------------| | Asterisk | 0.7.0, available from | | Appliance | http://downloads.digium.com/pub/telephony/aadk | | Developer Kit | | |---------------+--------------------------------------------------------| | s800i | 1.0.3 | | (Asterisk | | | Appliance) | | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Links | | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security. | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and | | http://downloads.digium.com/pub/asa/ASA-2007-019.html. | +------------------------------------------------------------------------+

+------------------------------------------------------------------------+ | Revision History | |------------------------------------------------------------------------| | Date | Editor | Revisions Made | |--------------------+------------------------+--------------------------| | August 7, 2007 | jparker@digium.com | Initial Release | +------------------------------------------------------------------------+

           Asterisk Project Security Advisory - ASA-2007-019
          Copyright &#40;c&#41; 2007 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/