Asterisk Project Security Advisory - AST-2011-007
+-------------------------------------------------------------------------+
| Product            | Asterisk                                           |
|--------------------+----------------------------------------------------|
| Summary            | Remote Crash Vulnerability in SIP channel driver   |
|--------------------+----------------------------------------------------|
| Nature of Advisory | Remote attacker can crash an Asterisk server       |
|--------------------+----------------------------------------------------|
| Susceptibility     | Remote Authenticated Sessions                      |
|--------------------+----------------------------------------------------|
| Severity           | Moderate                                           |
|--------------------+----------------------------------------------------|
| Exploits Known     | No                                                 |
|--------------------+----------------------------------------------------|
| Reported On        | May 23, 2011                                       |
|--------------------+----------------------------------------------------|
| Reported By        | Jonathan Rose [email protected]                    |
|--------------------+----------------------------------------------------|
| Posted On          | June 02, 2011                                      |
|--------------------+----------------------------------------------------|
| Last Updated On    | June 02, 2011                                      |
|--------------------+----------------------------------------------------|
| Advisory Contact   | Jonathan Rose [email protected]                    |
|--------------------+----------------------------------------------------|
| CVE Name           | CVE-2011-2216                                      |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Description | If a remote user initiates a SIP call and the recipient   |
|             | picks up, the remote user can reply with a malformed      |
|             | Contact header that Asterisk will improperly handle and   |
|             | cause a crash due to a segmentation fault.                |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Resolution  | Asterisk now immediately initializes buffer strings       |
|             | coming into the parse_uri_full function to prevent        |
|             | outside functions from receiving a NULL value pointer.    |
|             | This should increase the safety of any function that uses |
|             | parse_uri or its wrapper functions which previously would |
|             | attempt to work in the presence of a parse_uri failure by |
|             | reading off of potentially uninitialized strings.         |
+-------------------------------------------------------------------------+
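
The pattern described in the Resolution, as an added illustration that is not part of the original advisory and is not Asterisk's code. The names split_uri, contact_host_len and unhardened_leaves_null are hypothetical and the inputs are constructed. With the outputs initialized on entry, a caller that ignores a parse failure reads an empty string instead of a NULL pointer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified "sip:user@host" splitter for illustration only;
 * it is NOT Asterisk's parse_uri_full. preinit=0 writes the outputs only on
 * success (risky); preinit=1 points them at "" before parsing (hardened). */
static int split_uri(char *uri, char **user, char **host, int preinit)
{
    char *at;

    if (preinit)
        *user = *host = "";
    if (strncmp(uri, "sip:", 4) != 0)
        return -1;              /* failure: outputs untouched unless preinit */
    uri += 4;
    at = strchr(uri, '@');
    if (at)
        *at++ = '\0';
    *user = at ? uri : "";
    *host = at ? at : uri;
    return 0;
}

/* Caller that ignores the return value, as the advisory says some callers
 * did. This is safe only because preinit=1 guarantees non-NULL outputs. */
static size_t contact_host_len(const char *contact)
{
    char buf[256], *user = NULL, *host = NULL;
    snprintf(buf, sizeof(buf), "%s", contact);
    split_uri(buf, &user, &host, 1);
    return strlen(host);
}

/* Returns 1 when a failed parse without preinit leaves host as NULL. */
static int unhardened_leaves_null(const char *contact)
{
    char buf[256], *user = NULL, *host = NULL;
    snprintf(buf, sizeof(buf), "%s", contact);
    return split_uri(buf, &user, &host, 0) != 0 && host == NULL;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    printf("%zu\n", contact_host_len("sip:alice@example.org"));
    printf("%zu\n", contact_host_len("not-a-sip-uri"));
    printf("%d\n", unhardened_leaves_null("not-a-sip-uri"));
    return 0;
}
```
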
+-------------------------------------------------------------------------+
| Affected Versions                                                       |
|-------------------------------------------------------------------------|
| Product                                                                 |
|-------------------------------------------------------------------------|
| Asterisk Open Source                                                    |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Corrected In                                                            |
|-------------------------------------------------------------------------|
| Product                                                                 |
|-------------------------------------------------------------------------|
| Asterisk Open Source                                                    |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Patches                                                                 |
|-------------------------------------------------------------------------|
| URL                                                                     |
|-------------------------------------------------------------------------|
| http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff        |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                      |
| http://www.asterisk.org/security                                        |
|                                                                         |
| This document may be superseded by later versions; if so, the latest    |
| version will be posted at                                               |
| http://downloads.digium.com/pub/security/AST-2011-007.pdf and           |
| http://downloads.digium.com/pub/security/AST-2011-007.html              |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Revision History                                                        |
|-------------------------------------------------------------------------|
| Date                                                                    |
|-------------------------------------------------------------------------|
| 06/02/11                                                                |
+-------------------------------------------------------------------------+
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.